Bug 1028134 - snapper: user/group name resolution
snapper: user/group name resolution
Status: ASSIGNED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: snapper (Show other bugs)
7.0
Unspecified Unspecified
low Severity low
: rc
: 7.1
Assigned To: Ondrej Kozina
Jakub Krysl
: Reopened
Depends On: 1163208
Blocks: 1028133
  Show dependency treegraph
 
Reported: 2013-11-07 13:06 EST by Florian Weimer
Modified: 2018-04-17 03:19 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1163208 (view as bug list)
Environment:
Last Closed: 2015-05-06 07:45:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Florian Weimer 2013-11-07 13:06:52 EST
_SC_GETPW_R_SIZE_MAX and _SC_GETGR_R_SIZE_MAX are only size *hints*.  Their names are misleading, it is not a maximum size.  snapperd should still loop around the getpwnam_r and getgrnam_r calls and allocate more memory as necessary (on the heap, not the stack).  This is required so that users in many groups and groups with many users can access snapperd.  Affected the functions get_user_uid and get_group_uids in server/MetaSnapper.cc.
Comment 3 Ondrej Kozina 2014-02-26 07:10:53 EST
We'll advise not to set ALLOW_USERS or ALLOW_GROUPS in snapper config anyway. It would bypass MAC and would expose files not visible to identities in ALLOW_*
Comment 6 RHEL Product and Program Management 2015-05-06 07:45:49 EDT
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.
Comment 7 Ondrej Kozina 2015-05-06 07:59:42 EDT
should have been Cond NAK only

Note You need to log in before you can comment on or make changes to this bug.