744397 – [RHEL 5] nfsnobody uid/gid values incorrectly depend on architecture

Bug 744397 - [RHEL 5] nfsnobody uid/gid values incorrectly depend on architecture

Summary: [RHEL 5] nfsnobody uid/gid values incorrectly depend on architecture

Keywords:
Status:	CLOSED DUPLICATE of bug 729603
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	nfs-utils
Sub Component:
Version:	5.8
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Steve Dickson
QA Contact:	Red Hat Kernel QE team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-10-08 10:52 UTC by Simon Matter
Modified:	2011-10-11 22:27 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	511876
Environment:
Last Closed:	2011-10-11 22:27:39 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Simon Matter 2011-10-08 10:52:07 UTC

+++ This bug was initially created as a clone of Bug #511876 +++

+++ This bug was initially created as a clone of Bug #511874 +++

From the nfs-utils .spec file:

# Define the correct unsigned uid value for 32 or 64 bit archs
%ifarch %{all_32bit_archs}
%define nfsnobody_uid   65534
%else
%define nfsnobody_uid   4294967294
%endif

This is incorrect. uid_t is of the same size on both 32 and 64 bit machines. The values for uid/gid for nfsnobody should be the same irrespective of the architecture.

Current values in /etc/passwd are as follows
RHEL 5.3 64 bit
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

RHEL 5.3 32 bit
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin


--- Additional comment from sprabhu on 2009-07-15 09:44:57 EDT ---

There is another inconsistency on the default anonuid/anongid values used in RHEL 4 and RHEL 5.

On RHEL 4, this is set to (unsigned int) -2 = 4294967294
RHEL 5, it is set to 65534

That issue is being handled separately in bz 497551.

--- Additional comment from yanwang on 2011-06-01 05:20:42 EDT ---

hi Steve,
There's one related bug 708918 filed now and the bug is blocked for testing, pls resolve the regression ASAP, thanks.

--- Additional comment from steved on 2011-06-05 09:42:56 EDT ---

*** Bug 708918 has been marked as a duplicate of this bug. ***

--- Additional comment from yanwang on 2011-06-14 23:36:10 EDT ---

hi Steve,
I could reproduce the problem like comment #4, indeed nfsnobody user has not been created when RHEL5.7 has been installed.
Since nfsnobody group is created before, so useradd failed, and add '-g' option into useradd line could fix the issue:
# grep nfsnobody /etc/passwd /etc/group
/etc/group:nfsnobody:x:65534:
# /usr/sbin/useradd -l -c "Anonymous NFS User" -r -s /sbin/nologin -u 65534 -d
/var/lib/nfs nfsnobody 
useradd: group nfsnobody exists - if you want to add this user to that group,
use -g.

For your test steps, since you remove the nfs-utils package first, the nfsnobody user and group gone, so you can't reproduce the problem. Pls use Masayoshi Yamazaki test steps to reproduce, and the fix is easy.

--- Additional comment from yanwang on 2011-06-21 02:14:13 EDT ---

pls check comment #9

--- Additional comment from steved on 2011-06-21 09:10:39 EDT ---

(In reply to comment #9)
> hi Steve,
> I could reproduce the problem like comment #4, indeed nfsnobody user has not
> been created when RHEL5.7 has been installed.
> Since nfsnobody group is created before, so useradd failed, and add '-g' option
> into useradd line could fix the issue:
> # grep nfsnobody /etc/passwd /etc/group
> /etc/group:nfsnobody:x:65534:
> # /usr/sbin/useradd -l -c "Anonymous NFS User" -r -s /sbin/nologin -u 65534 -d
> /var/lib/nfs nfsnobody 
> useradd: group nfsnobody exists - if you want to add this user to that group,
> use -g.
> 
> For your test steps, since you remove the nfs-utils package first, the
> nfsnobody user and group gone, so you can't reproduce the problem. Pls use
> Masayoshi Yamazaki test steps to reproduce, and the fix is easy.
Yes I did remove the package which indeed removed the nfsnobody user.
But, I added back nfsnobody with the useradd command and then I
reinstall the package with out error...

--- Additional comment from yanwang on 2011-06-21 22:19:39 EDT ---

(In reply to comment #12)
> (In reply to comment #9)
> > hi Steve,
> > I could reproduce the problem like comment #4, indeed nfsnobody user has not
> > been created when RHEL5.7 has been installed.
> > Since nfsnobody group is created before, so useradd failed, and add '-g' option
> > into useradd line could fix the issue:
> > # grep nfsnobody /etc/passwd /etc/group
> > /etc/group:nfsnobody:x:65534:
> > # /usr/sbin/useradd -l -c "Anonymous NFS User" -r -s /sbin/nologin -u 65534 -d
> > /var/lib/nfs nfsnobody 
> > useradd: group nfsnobody exists - if you want to add this user to that group,
> > use -g.
> > 
> > For your test steps, since you remove the nfs-utils package first, the
> > nfsnobody user and group gone, so you can't reproduce the problem. Pls use
> > Masayoshi Yamazaki test steps to reproduce, and the fix is easy.
> Yes I did remove the package which indeed removed the nfsnobody user.
> But, I added back nfsnobody with the useradd command and then I
> reinstall the package with out error...

hi, the reason why you can not reproduce the problem is that you added back
nfsnobody using the useradd command which would create nfsnobody group default
at the same time, so it's not the scenario described in comment #4:
Here is a part of postinstall of nfs-utils-1.0.9-52.el5:
----------------------------------------------------------------------
# Create nfsnobody gid as long as it does not already exist.
cat /etc/group | cut -d':' -f 1 | grep --quiet nfsnobody 2>/dev/null
if [ "$?" -eq 1 ]; then
    /usr/sbin/groupadd -g 65534 nfsnobody 2>/dev/null || :
else
    /usr/sbin/groupmod -g 65534 nfsnobody 2>/dev/null || :
fi

# Create nfsnobody uid as long as it does not already exist.
cat /etc/passwd | cut -d':' -f 1 | grep --quiet nfsnobody 2>/dev/null
if [ "$?" -eq 1 ]; then
        /usr/sbin/useradd -l -c "Anonymous NFS User" -r \
                -s /sbin/nologin -u 65534 -d /var/lib/nfs nfsnobody 2>/dev/null
|| :
else
        /usr/sbin/usermod -u 65534 nfsnobody 2>/dev/null || :
fi
----------------------------------------------------------------------------

In usually case, nfsnobody group is created on the above script. However, if
nfsnobody group exists, useradd on the above will fail if without -g option.
----------------------------------------------------------------------------

If you reserve a RHEL5.7 server from beaker and you will find nfsnobody user is
not existent when you login:
      Beaker Test information:
                         HOSTNAME=sun-x4200-01.rhts.eng.bos.redhat.com
                            JOBID=99944
                         RECIPEID=203569
                    RESULT_SERVER=127.0.0.1:7092
                           DISTRO=RHEL5.7-Server-20110615.0
                     ARCHITECTURE=i386
**  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **
[root@sun-x4200-01 ~]# id nfsnobody
id: nfsnobody: No such user
[root@sun-x4200-01 ~]# grep nfsnobody /etc/passwd /etc/group
/etc/group:nfsnobody:x:65534:

--- Additional comment from yanwang on 2011-06-23 01:58:55 EDT ---

verified against nfs-utils-1.0.9-54.el5 on i386 and x86_64:
[root@intel-sugarbay-DH-02 ~]# rpm -Uvh nfs-utils-1.0.9-54.el5.i386.rpm 
Preparing...                ########################################### [100%]
   1:nfs-utils              ########################################### [100%]
[root@intel-sugarbay-DH-02 ~]# id nfsnobody
uid=65534(nfsnobody) gid=65534(nfsnobody) groups=65534(nfsnobody) context=root:system_r:unconfined_t:SystemLow-SystemHigh

--- Additional comment from errata-xmlrpc on 2011-07-21 07:34:34 EDT ---

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1048.html

--- Additional comment from elliott.forney on 2011-07-22 16:54:16 EDT ---

It looks like this patch changed the GID for nfsnobody to 65534 but didn't change the default group for the nfsnobody user:

# grep nfsnobody /etc/passwd
nfsnobody:x:65534:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

# grep nfsnobody /etc/group
nfsnobody:x:65534:

Notice that nfsnobody belongs to a non-existent group.

--- Additional comment from simon.matter on 2011-10-03 08:02:48 EDT ---

Elliott is right, the updated package results in a mess.
I guess the correct fix would be:

- /usr/sbin/usermod -u 65534 nfsnobody 2>/dev/null || :
+ /usr/sbin/usermod -g nfsnobody -u 65534 nfsnobody 2>/dev/null || :

Simon

--- Additional comment from yanwang on 2011-10-08 01:44:02 EDT ---

(In reply to comment #22)
> Elliott is right, the updated package results in a mess.
> I guess the correct fix would be:
> 
> - /usr/sbin/usermod -u 65534 nfsnobody 2>/dev/null || :
> + /usr/sbin/usermod -g nfsnobody -u 65534 nfsnobody 2>/dev/null || :
> 
> Simon

pls file a bug for rhel5.8? developer may deal with it in rhel5.8.

Comment 1 Steve Dickson 2011-10-11 22:27:39 UTC


*** This bug has been marked as a duplicate of bug 729603 ***

Note You need to log in before you can comment on or make changes to this bug.