Description of problem:
I configured libnss-mysql to manage my users and it's working well. But as soon as I start nscd, the results change.
Version-Release number of selected component (if applicable):
NSCD 2.12
How reproducible:
Configure authentication with libnss-mysql, create a user with his group, create a secondary group, add the user to the group, then test with nscd started and stopped.
Actual results:
$> getent group gpig
gpig:x:1101:john
$> id -Gn john
john gpig
$> service nscd start
$> id -Gn john
john
$> getent group gpig
gpig:x:1101:john
Expected results:
With nscd started, we should see john in his own group and in gpig group.
Additional info:
/etc/nscd.conf is the default installed file.
Comment 4 Siddhesh Poyarekar
2013-08-12 06:30:07 UTC
It's probably an unnecessary question, but I'm going to ask it anyway. Did you invalidate the nscd cache when you checked? You can do that by issuing the `nscd -i group` command.
Hi and thanks for watching that problem.
I just retried to be sure, and I can confirm that even after the cache has been invalidated the problem persists.
Raw paste:
# service nscd status
nscd (pid 2054) is running...
# getent group gpig
gpig:x:1101:admin,john
# id -Gn john
john
# nscd -i group
# nscd -i passwd
# id -Gn john
john
# service nscd stop
Stopping nscd: [ OK ]
# id -Gn john
john gpig
(In reply to TCottier from comment #7)
> Hi, do you need any other information about this problem? Can I help you in
> anything to determine what's wrong?
At present we don't need any more information. We aren't presently working on this issue, but I've scheduled it for review as part of our development process.
All I can say is that nscd should not be dropping any groups. You may wish to start nscd with debug-level set to 7 in /etc/nscd.conf and look at the transactions in detail to see what the server is doing and if anything sticks out as wrong.
Hi,
I can confirm this bug on my CentOS 6.5.
I want to add that getent returns the expected results about group membership. The problem occurs with the 'id' command, which doesn't return all the groups that the user belongs to.
This issue seems really linked to https://bugzilla.redhat.com/show_bug.cgi?id=706571
I confirm this bug for CentOS 6.5.
Package: nscd.x86_64 0:2.12-1.132.el6_5.2
id only shows groups for locally defined /etc/groups settings, neglecting libnss-mysql grouplist entries when nscd is running. Disabling the group cache in nscd solves the problem.
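A check for the discrepancy reported in this thread, as an added example that is not part of any comment here or of glibc/nscd: it lists groups whose member field names a user but which are absent from the `id -Gn` answer. The sample database lines (GID 1100 and the wheel entry) are constructed, `missing_groups` and `check_user` are hypothetical helper names, and the live check assumes the NSS backend allows `getent group` enumeration.

```shell
#!/bin/sh
# Added example (not from the bug report or from glibc/nscd).
# Finds groups that list a user as a member in the group database but are
# missing from the supplementary list returned by `id -Gn`.

# missing_groups USER "ID_GN_OUTPUT"
# stdin:  lines in `getent group` format (name:passwd:gid:member,member,...)
# stdout: groups naming USER as a member but absent from ID_GN_OUTPUT
missing_groups() {
    awk -F: -v u="$1" -v have="$2" '
        BEGIN {
            n = split(have, h, " ")
            for (i = 1; i <= n; i++) seen[h[i]] = 1
        }
        {
            k = split($4, m, ",")
            for (i = 1; i <= k; i++)
                if (m[i] == u && !($1 in seen)) { print $1; break }
        }' | sort -u
}

# check_user USER: live comparison on a host (hypothetical helper).
# Assumes the NSS backend allows enumeration via `getent group`.
# Returns 1 and prints a finding when memberships are being dropped.
check_user() {
    missing=$(getent group | missing_groups "$1" "$(id -Gn "$1")")
    [ -z "$missing" ] && return 0
    printf '%s: in group db but not in id -Gn: %s\n' "$1" "$(echo $missing)"
    return 1
}

# Constructed sample modelled on the output pasted in this report.
SAMPLE_DB='john:x:1100:
gpig:x:1101:admin,john
wheel:x:10:admin'

# Offline demonstration with the two `id -Gn john` answers seen in the thread.
printf 'nscd running: %s\n' \
    "$(printf '%s\n' "$SAMPLE_DB" | missing_groups john 'john')"
printf 'nscd stopped: %s\n' \
    "$(printf '%s\n' "$SAMPLE_DB" | missing_groups john 'john gpig')"
```

On a real host, run `check_user john` once with nscd started and once with it stopped; a finding that appears only while nscd is running matches the behaviour described in this report.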
Seeing this issue on RHEL 6.6. Have the following version of nscd installed:
nscd-2.12-1.149.el6_6.5.x86_64
I am also using libnss-mysql. When I enable nscd and run:
groups <user>
to check, only the default group is displayed.
When I disable nscd and re-run the command, it shows all of the groups the user belongs to.
(In reply to Siddhesh Poyarekar from comment #4)
> It's probably an unnecessary question, but I'm going to ask it anyway. Did
> you invalidate the nscd cache when you checked? You can do that by issuing
> the `nscd -i group` command.
Yes I did.
Can you reproduce this issue with another NSS service module besides libnss-mysql?
If you are using the version in Fedora, it's no longer maintained upstream.
I witnessed something similar to this today.
Can you show us the output of:
ls -l /etc/libnss-mysql.cfg /etc/libnss-mysql-root.cfg
If the files aren't readable by the nscd user, you may get unintended consequences.
I've just tested with chown nscd.nscd /etc/libnss-mysql* and the results are the same.
I guess the problem is more on the nscd side as libnss-mysql works fine when we stop the cache service.
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.
This issue does not qualify, and there is insufficient information in this report to identify the root cause of this issue.
Comment 25 Red Hat Bugzilla Rules Engine
2017-11-08 09:39:38 UTC
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.