Bug 134323 - NSCD not flushing caches on local user/group operations
NSCD not flushing caches on local user/group operations
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: shadow-utils (Show other bugs)
rawhide
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Peter Vrabec
David Lawrence
:
Depends On:
Blocks: FC4Target
  Show dependency treegraph
 
Reported: 2004-10-01 08:43 EDT by Nicolas Troncoso Carrere
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-23 11:03:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
nscd -d -d -d output when installing postgresql-server (2.25 KB, text/plain)
2004-10-07 00:41 EDT, Nicolas Troncoso Carrere
no flags Details
shadow-4.0.7-nscd-socket-path.patch (1000 bytes, patch)
2005-05-21 04:52 EDT, Jakub Jelinek
no flags Details | Diff

  None (edit)
Description Nicolas Troncoso Carrere 2004-10-01 08:43:34 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040808 Firefox/0.9.3

Description of problem:
When i tried to install postgressql-server the creation of the
postgres user would fail, rendering the postgresql-sever instalation
unuseful.

If nscd service is stoped the problem can not be reproduced, that's
why i think its a nscd issue.

Version-Release number of selected component (if applicable):
nscd-2.3.3 from glibc-2.3.3-27.src.rpm

How reproducible:
Always

Steps to Reproduce:
1. Use LDAP authentication
2. Enable NSCD caching
3. Install postgresql-server on a clean instalation. (the whole point
is that the postgres user must no existe yet).
    

Actual Results:  rpm complains that user postgres does no exist and
uses root as default. Big no no.

Expected Results:  Clean rpm exit

Additional info:

Using LDAP authetication
Enabling nscd cache (if not the 40 clients en up hanging the master
server)
Comment 1 Ulrich Drepper 2004-10-06 00:49:12 EDT
Please do the following:

~ start with a clean slate
~ stop nscd
~ run, by hand as root

    /usr/sbin/nscd -d -d -d

  this won't terminate

~ in another terminal perform the installation

Attach the output of the nscd run to this bug.
Comment 2 Nicolas Troncoso Carrere 2004-10-07 00:41:58 EDT
Created attachment 104880 [details]
nscd -d -d -d output when installing postgresql-server
Comment 3 Oliver Falk 2005-05-21 03:40:46 EDT
It's now some time ago, that the bug was reported and the bug still is alive! 
I have it on FC3 as well on my FCDevel Box. 

I also received a mail mentioning this:
nscd in FC has been patched to prune the password, group and hosts caches when 
it receives a SIGHUP, and shadow-utils has been patched to HUP nscd on 
relevant operations.
http://cvs.fedora.redhat.com/viewcvs/devel/glibc/glibc-fedora.patch?
rev=.&view=auto
http://cvs.fedora.redhat.com/viewcvs/devel/shadow-utils/shadow-4.0.3-
nscd.patch?rev=.&view=auto

There was a bug at FC2'ish time where the nscd pid file had moved so that the 
HUP never happened.  But that was fixed last year...
https://bugzilla.redhat.com/125421
Comment 4 Oliver Falk 2005-05-21 03:52:11 EDT
More Info:

My versions:
glibc-2.3.5-6
nscd-2.3.5-6
shadow-utils-4.0.7-7

Example:
rpm -Uvh test-0.1-1.i386.rpm
Preparing...                ########################################### [100%]
   1:test                   warning: group test does not exist - using root3%)
########################################### [100%]
warning: group test does not exist - using root

rpm -qp --scripts test-0.1-1.i386.rpm
preinstall scriptlet (using /bin/sh):
groupadd -r test >/dev/null 2>&1
postuninstall scriptlet (using /bin/sh):
groupdel test >/dev/null 2>&1
Comment 5 Ville Skyttä 2005-05-21 04:20:27 EDT
LDAP does not seem to play a part in this, so adjusting summary.

Anyway, this problem has resurfaced in FC4t3 (it doesn't occur in FC3). 
Reproducer (no LDAP configured, just using OOTB FC4t3 configuration):

  # /etc/init.d/nscd start
  # /usr/sbin/useradd test
  # /usr/sbin/userdel test
  userdel: user test does not exist
  # /usr/sbin/nscd -i passwd
  # /usr/sbin/userdel test
  # (works)

I straced useradd, and it does not appear to look for the nscd PID file in order
to HUP it any more.  So probably this is a shadow-utils bug, dunno.  No messages
in syslog or audit.log.
Comment 6 Jakub Jelinek 2005-05-21 04:48:09 EDT
This is a bug in shadow-utils.  It seems 4.0.7 now instead of HUPing nscd
connects to its socket directly and requests invalidation.
But, nscd almost 2 years ago changed the location of its socket.
Comment 7 Jakub Jelinek 2005-05-21 04:52:27 EDT
Created attachment 114666 [details]
shadow-4.0.7-nscd-socket-path.patch

Untested fix.
I think this ought to be fixed for FC4, it is a regression from FC3.

Note You need to log in before you can comment on or make changes to this bug.