Red Hat Bugzilla – Bug 678410
name service caches names, so id command shows recently deleted users
Last modified: 2015-01-04 18:46:35 EST
+++ This bug was initially created as a clone of Bug #677768 +++ Description of problem: If you looked up some info using unix commands, like id or groups and then changed it using freeipa command - later calls to id will show outdated information: [root@ipaserver ~]# ipa user-add --first=x --last=y myuser5 -------------------- Added user "myuser5" -------------------- User login: myuser5 First name: x Last name: y Full name: x y Display name: x y Initials: xy Home directory: /home/myuser5 GECOS field: myuser5 Login shell: /bin/sh Kerberos principal: myuser5@MYFREEIPAHOST.COM UID: 334400018 [root@ipaserver ~]# id myuser5 uid=334400018(myuser5) gid=334400018(myuser5) группы=334400018(myuser5),334400001(ipausers) [root@ipaserver ~]# ipa user-del myuser5 ---------------------- Deleted user "myuser5" ---------------------- [root@ipaserver ~]# id myuser5 uid=334400018(myuser5) gid=334400018(myuser5) группы=334400018(myuser5),334400001(ipausers) Version-Release number of selected component (if applicable): 389-ds-base-1.2.8-0.2.a2.fc15.1.x86_64 freeipa-admintools-2.0.0.rc1-0.fc15.x86_64 sssd-tools-1.5.1-7.fc15.x86_64 freeipa-client-2.0.0.rc1-0.fc15.x86_64 freeipa-server-2.0.0.rc1-0.fc15.x86_64 sssd-1.5.1-7.fc15.x86_64 sssd-debuginfo-1.5.1-7.fc15.x86_64 freeipa-python-2.0.0.rc1-0.fc15.x86_64 freeipa-server-selinux-2.0.0.rc1-0.fc15.x86_64 sssd-client-1.5.1-7.fc15.x86_64 How reproducible: always Steps to Reproduce: 1. create user using ipa user-add command, myuser for example 2. type 'id myuser' 3. type ipa user-del 'myuser' 4. type 'id myuser' again - it will show deleted user Actual results: unix command show some cached info Expected results: unix commands always shows up-to-date information about users and groups --- Additional comment from ssorce@redhat.com on 2011-02-16 08:34:59 EST --- I was going to reply that as soon as the deleted user attempts to login, it will be refreshed from ldap, found to be deleted and not reported any more. Except I have just tested this and it doesn't work. Reassigning to sssd.
Using sssd-1.5.5-0.20110405T0615z.el6.x86_64 ipa-server-2.0.0-20.el6.x86_64 went through steps listed above - user-add...id...user-del..id And I see the user info. So are the steps different to verify this bug? I also logged in as this deleted user, and still could use id to get info about this user.
to clarify - i attempted to log in as this deleted user...login failed. And i could still use id on my server machine, and see info about this user
verified it. ran id on client and got the info after deleting, but after attempting to login as this deleted user, it cleared the cache as expected, and didn't return info when using id anymore. Then when i use id on server now, no info is returned - as expected.
sgallagh stopped by, and I went through the steps. Verified successfully that the machine I ssh to as deleted user, cleared the cache and didn't list the deleted user anymore.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0560.html