Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 1174702

Summary: large groups using db auth don't appear to be added to user
Product: Red Hat Enterprise Linux 5 Reporter: Martin Žember <mzember>
Component: nss_dbAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: urgent    
Version: 5.11CC: a.badger, aoliva, cww, dpal, ebenes, jhradile, kevin, ksrot, nalin, ohudlick, omoris, prc, rdassen
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 751461 Environment:
Last Closed: 2017-04-18 21:55:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Žember 2014-12-16 10:39:54 UTC 
This bug has been fixed in RHEL-6, no bug has been filed for RHEL-5.
There were more customer cases linked to RHEL-6 bugs.
Consider if this may happen in RHEL-5 and is worth fixing.

The bug is covered by a test.

+++ This bug was initially created as a clone of Bug #751461 +++

We use: 

group:      db files

in /etc/nsswitch.conf

We have a group that has 5130 uses in it. This group isn't added to users who login that are in the group. 
You can 'newgrp groupname' and it works. It also works if you add it to local /etc/groups, but by default users don't show that group in id or groups, and can't otherwise use those groups.

--- Additional comment from Nalin Dahyabhai on 2012-01-19 17:28:02 EST ---

We're fixing this bug in glibc for 6.3.  Proposing an exception to fix this package at the same time.


--- Additional comment from J.H.M. Dassen (Ray) on 2012-02-06 11:43:14 EST ---

Duplicate bug #787382 has a detailed reproducer. I have verified that the
proposed patch fixes things with that reproducer scenario.
Comment 1 RHEL Program Management 2014-12-16 10:48:01 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 3 Chris Williams 2017-04-18 21:55:05 UTC 
Red Hat Enterprise Linux 5 shipped it's last minor release, 5.11, on September 14th, 2014. On March 31st, 2017 RHEL 5 exited Production Phase 3 and entered Extended Life Phase. For RHEL releases in the Extended Life Phase, Red Hat  will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.  If the customer purchases the Extended Life-cycle Support (ELS), certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release will be provided.  For more details please consult the Red Hat Enterprise Linux Life Cycle Page:
https://access.redhat.com/support/policy/updates/errata

This BZ does not appear to meet ELS criteria so is being closed WONTFIX. If this BZ is critical for your environment and you have an Extended Life-cycle Support Add-on entitlement, please open a case in the Red Hat Customer Portal, https://access.redhat.com ,provide a thorough business justification and ask that the BZ be re-opened for consideration of an errata. Please note, only certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release can be considered.