Bug 1581809 - glibc: Modernise nsswitch.conf defaults
Summary: glibc: Modernise nsswitch.conf defaults
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 28
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Florian Weimer
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 1581807
TreeView+ depends on / blocked
Reported: 2018-05-23 16:28 UTC by Florian Weimer
Modified: 2018-06-23 20:48 UTC (History)
11 users (show)

Fixed In Version: glibc-2.27.9000-22.fc29 glibc-2.27-19.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1392540
Last Closed: 2018-06-23 20:48:07 UTC
Type: Bug

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1392540 0 high CLOSED glibc: default nsswitch.conf does not list sss for the automount service 2021-02-22 00:41:40 UTC

Internal Links: 1392540

Description Florian Weimer 2018-05-23 16:28:09 UTC
+++ This bug was initially created as a clone of Bug #1392540 +++

Description of problem:
Newly provisioned RHEL 7.3 systems in IPA environment do not have functioning autofs due to the 'sss' option not being added to the automount entry of nsswitch.conf.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. ipa-client-automount

Actual results:
automount:  files 

Expected results:
automount:  files sss

Additional info:

Comment 1 Florian Weimer 2018-05-25 09:37:18 UTC
We should drop all references to nis, nispuls, and add sss as requested.

Comment 2 Florian Weimer 2018-05-25 10:00:21 UTC
Should we list sss before files to obtain better caching?

Here is what I came up with so far:

passwd:     sss files
shadow:     files sss
group:      sss files

hosts:      files dns myhostname

bootparams: files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   sss

publickey:  files

automount:  files sss
aliases:    files

Comment 3 DJ Delorie 2018-05-25 17:06:15 UTC
No, because that precludes the use of local files to provide local overrides, such as a machine-specific root password

Comment 4 Simo Sorce 2018-05-25 17:36:23 UTC
sssd never provides a root account by design.
as a default it makes sense, overrides are special actions that can be dealt with by manually changing nsswitch.conf if you have a conflict (but note that sssd also has a way to remap cerntal users so you can avoid conflicts should you need to).

Comment 5 Fedora Update System 2018-06-20 16:59:31 UTC
glibc-2.27-19.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e51a452b8f

Comment 6 Fedora Update System 2018-06-21 16:13:51 UTC
glibc-2.27-19.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e51a452b8f

Comment 7 Fedora Update System 2018-06-23 20:48:07 UTC
glibc-2.27-19.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.