Bug 953545
Summary: | nscd change group lookup results | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | TCottier <thomas.cottier> |
Component: | glibc | Assignee: | glibc team <glibc-bugzilla> |
Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-tools-bugs |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.4 | CC: | codonell, fincht, frank.enderle, fweimer, igeorgex, jarrod.makin, mhamant, mnewsome, pfrankli, thomas.cottier |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-11-08 09:39:38 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
TCottier
2013-04-18 12:26:02 UTC
It's probably an unnecessary question, but I'm going to ask it anyway. Did you invalidate the nscd cache when you checked? You can do that by issuing the `nscd -i group` command. Hi and thanks for watching that problem. I just retried to be sure, and I can confirm that even after the cache has been invalidated the problem persists. Raw paste: # service nscd status nscd (pid 2054) is running... # getent group gpig gpig:x:1101:admin,john # id -Gn john john # nscd -i group # nscd -i passwd # id -Gn john john # service nscd stop Stopping nscd: [ OK ] # id -Gn john john gpig Hi, do you need any other informations about this problem? Can I help you in anything to determine what's wrong? Thomas. (In reply to TCottier from comment #7) > Hi, do you need any other informations about this problem? Can I help you in > anything to determine what's wrong? At present we don't need any more information. We aren't presently working on this issue, but I've scheduled it for review as part of our development process. All I can say is that nscd should not be dropping any groups. You may wish to start nscd with debug-level set to 7 in /etd/nscd.conf and look at the transactions in detail to see what the server is doing and if anything sticks out as wrong. Hi, I can confirm this bug on my CentOS 6.5. I want to add that getent returns expected results about group membership. The problem occurs with 'id' command, which don't return all the group that belongs to the user. This issue seems really linked to https://bugzilla.redhat.com/show_bug.cgi?id=706571 I confirm this bug for CentOS 6.5. Package: nscd.x86_64 0:2.12-1.132.el6_5.2 id only shows groups for local defined /etc/groups settings, neglecting libnss-mysql grouplist entries when nscd is running. disabling the group cache in nscd solves the problem. Seeing this issue on RHEL 6.6. Have the following version of nscd installed: nscd-2.12-1.149.el6_6.5.x86_64 I am also using libnss-mysql. When I enable nscd and run: groups <user> to check, only the default group is displayed. When I disable nscd and re-run the command, it shows all of the groups the user belongs to. (In reply to Siddhesh Poyarekar from comment #4) > It's probably an unnecessary question, but I'm going to ask it anyway. Did > you invalidate the nscd cache when you checked? You can do that by issuing > the `nscd -i group` command. Yes I did. Can you reproduce this issue with another NSS service module besides libnss-mysql? If you are using the version in Fedora, it's no longer maintained upstream. I did not tried with another nss services. I witnessed something similar to this today Can you show us the output of: ls -l /etc/libnss-mysql.cfg /etc/libnss-mysql-root.cfg If the files aren't readable by the nscd user, you may get unintended consequences I've just tested with chown nscd.nscd /etc/libnss-mysql* and the results are the same. I guess the problem is more on the nscd side as libnss-mysql works fine when we stop the cache service. Have you tried running nscd --invalidate=passwd and nscd --invalidate=group after this? Of course :) Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. This issue does not qualify, and there is insufficient information in this report to identify the root cause of this issue. Development Management has reviewed and declined this request. You may appeal this decision by reopening this request. |