Description of problem: there's no user nfsnobody after install nfs-utils Version-Release number of selected component (if applicable): Fedora-26 latest Fedora-rawhide How reproducible: always Steps to Reproduce: 1. yum install -y nfs-utils 2. id nfsnobody Actual results: [yjh@Fedora-26 ~]$ id nfsnobody id: "nfsnobody": no such user Expected results: [yjh@fs-qe ~]$ id nfsnobody uid=65534(nfsnobody) gid=65534(nfsnobody) groups=65534(nfsnobody) Additional info:
[yjh@Fedora-26 ~]$ rpm -q --scripts nfs-utils | grep nfsnobody # Using the 16-bit value of -2 for the nfsnobody uid and gid # Create nfsnobody gid as long as it does not already exist cat /etc/group | cut -d':' -f 1 | grep --quiet nfsnobody 2>/dev/null /usr/sbin/groupadd -g 65534 nfsnobody >/dev/null 2>&1 || : /usr/sbin/groupmod -g 65534 nfsnobody >/dev/null 2>&1 || : # Create nfsnobody uid as long as it does not already exist. cat /etc/passwd | cut -d':' -f 1 | grep --quiet nfsnobody 2>/dev/null -s /sbin/nologin -u 65534 -d /var/lib/nfs nfsnobody >/dev/null 2>&1 || : /usr/sbin/usermod -u 65534 -g 65534 nfsnobody >/dev/null 2>&1 || : [yjh@Fedora-26 ~]$ sudo /usr/sbin/groupadd -g 65534 nfsnobody groupadd: GID '65534' already exists [yjh@Fedora-26 ~]$ sudo /usr/sbin/groupadd -g 65534 nfsnobody groupadd: GID '65534' already exists [yjh@Fedora-26 ~]$ id 65534 uid=65534(nobody) gid=65534(nobody) groups=65534(nobody) ^^^^^^ what !? [yjh@Fedora-26 ~]$ grep nobody /etc/group nobody:x:99: ^^^^^^ what !? [yjh@Fedora-26 ~]$ grep nobody /etc/passwd nobody:x:99:99:Nobody:/:/sbin/nologin
according Comment 1, this is not bug of Component nfs-utils but which one should I change to?
(In reply to Yin.JianHong from comment #2) > according Comment 1, this is not bug of Component nfs-utils > but which one should I change to? What is in /etc/shadow ?
(In reply to Steve Dickson from comment #3) > (In reply to Yin.JianHong from comment #2) > > according Comment 1, this is not bug of Component nfs-utils > > but which one should I change to? > > What is in /etc/shadow ? [yjh@dhcp-12-238 ~]$ sudo grep nfsnobody /etc/shadow [yjh@dhcp-12-238 ~]$ sudo grep nobody /etc/shadow nobody:*:17206:0:99999:7:::
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.
I can not seem to reproduce this.... Here is what I did.. f28# dnf remove nfs-utils f28# grep nfsnobody /etc/passwd /etc/group /etc/passwd:nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin /etc/group:nfsnobody:x:65534: f28# userdel nfsnobody f28# grep nfsnobody /etc/passwd /etc/group f28# dnf install nfs-utils f28# grep nfsnobody /etc/passwd /etc/group /etc/passwd:nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin /etc/group:nfsnobody:x:65534:
I'm seeing the same even when just issuing the group add: # groupadd -g 65534 nfsnobody groupadd: GID '65534' already exists # grep nfsnobody /etc/group # grep nfsnobody /etc/shadow # grep 65534 /etc/group # grep 65535 /etc/shadow This is on a fresh F27 server install. I installed the nfs-utils package (via ansible). User not installed. Uninstall package. Try to create user manually. Error as above. Since F27 is still supported re-opening.
(In reply to Tim Niemueller from comment #7) > I'm seeing the same even when just issuing the group add: > > # groupadd -g 65534 nfsnobody > groupadd: GID '65534' already exists > > # grep nfsnobody /etc/group > # grep nfsnobody /etc/shadow > # grep 65534 /etc/group > # grep 65535 /etc/shadow > > This is on a fresh F27 server install. I installed the nfs-utils package > (via ansible). User not installed. Uninstall package. Try to create user > manually. Error as above. Since F27 is still supported re-opening. How is this an nfs-utils problem? If groupadd says the group exists and it does not.... nfs-utils problem???
It's not the cause, but it seems to suffer from the same problem. It does not create the nfsnobody user which it should.
The result depends on the order of operations. New setup rpms (F28+) will try to create 'nobody', but only if the name or uid are not taken yet. nfs-utils will try to create 'nfsnobody', again only if the name and uid are not taken. So the steps in https://bugzilla.redhat.com/show_bug.cgi?id=1488897#c6 recreate 'nfsnobody' because there is no "interference" from setup. This bug report is about nfsnobody not existing, but this is not a bug. This user should not exist anymore. I'll file a PR to make that part of the nfs-utils scriptlets clearer.
https://src.fedoraproject.org/rpms/nfs-utils/pull-request/5 https://src.fedoraproject.org/rpms/nfs-utils/pull-request/6
Please note that this specific bug was reported against F27 for which nfsnobody should be created.
Oh, on F27 systemd's nss-systemd might generate the user on the fly. This is also OK.
No, it didn't. We needed the user only for the mapping from a container and it did not exist. And, as mentioned, we could not even create it with useradd. We ended up patching /etc/passwd with ansible.
Actually you didn't ever explain why you need the user. Everything should work fine without the user defined in /etc/passwd.
We needed it to change permissions of files/directories from the container (to pre-layout the filesystem before we pass it to the container). On a second thought, we could simply have used the numeric IDs. But that seems odd. In any case, we do have a working solution for our case and once we upgrade it'll be fixed anyway (and I like the new way better). I'm still curious why the user was rejected to be created even though it did not exist. Which component actually blocks this?
> In any case, we do have a working solution I'm glad to hear that ;) > why the user was rejected to be created even though it did not exist. It exists. It's just not provided by nss-files but by nss-systemd instead.
... or at least I assume it exists based on the error message above. 'getent passwd 65534` should confirm that.
(In reply to Zbigniew Jędrzejewski-Szmek from comment #11) > https://src.fedoraproject.org/rpms/nfs-utils/pull-request/5 > https://src.fedoraproject.org/rpms/nfs-utils/pull-request/6 Why is the creation of the group being removed in these pull-requests?
It's not. Just the usermod/groupmod call to modify an existing user or group are removed. I removed them because they are only useful for upgrading from very old systems that have this user or group defined with some different number. In general Fedora only supports upgrades from two-three releases ago, and an existing user/group with different number seems like a very fringe case anyway. After the update, the scriptlets support the three realistic cases cleanly: an upgraded system with nobody=99,nfsnobody=undefined, nobody=99,nfsnobody=65534, nobody=65534,nfsnobody=undefined.
Also what is the difference between %global and %define?
https://fedoraproject.org/wiki/Packaging:Guidelines#.25global_preferred_over_.25define
nfs-utils-2.3.1-9.rc1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-15092082d7
nfs-utils-2.3.1-9.rc1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-15092082d7
nfs-utils-2.3.1-9.rc1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.