| Field | Value |
|---|---|
| Summary | >=sys-libs/glibc-2.28 - initgroups in /etc/nsswitch.conf causes potential issues |
| Product | Gentoo Linux |
| Reporter | Jaco Kroon <jaco> |
| Component | Current packages |
| Assignee | Gentoo Toolchain Maintainers <toolchain> |
| Status | RESOLVED UPSTREAM |
| Severity | normal |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | https://bugzilla.redhat.com/show_bug.cgi?id=751450 |
| See Also | https://bugzilla.redhat.com/show_bug.cgi?id=751450 https://bugzilla.redhat.com/show_bug.cgi?id=835612 https://bugzilla.redhat.com/show_bug.cgi?id=1366569 |

Description
Jaco Kroon
2019-04-02 09:42:12 UTC
Gentoo used to have a very old nsswitch.conf. Now we just use the default nsswitch.conf from the upstream package:

https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nsswitch.conf;h=39ca88bf5198df2bfa8f4a2e4bf631f3baee16c0;hb=HEAD

I failed to find an upstream bug report in the issues you have linked. Can you file the upstream bug report and explain your use case and desired changes? https://sourceware.org/bugzilla/ (glibc component)

I would prefer to use upstream's nsswitch.conf

Hi. I agree with using upstream nsswitch.conf as far as possible. I haven't filed a bug with the project itself. Was first looking to gain understanding and confirm Gentoo's stance. It seems the stance is "we want to use upstream but will deviate if required".

So let me try again: With a defined initgroups in /etc/nsswitch.conf there is a counter-intuitive behaviour where iterating through all system groups manually doesn't always align with what is obtained from initgroups(3). For example:

    group: db files mysql
    initgroups: db [SUCCESS=continue] files

Note: mismatch of the modules with group and initgroups, this results in:

    arthur ~ # id admin
    uid=1002(admin) gid=100(users) groups=100(users),115(ulsreport)
    arthur ~ # getent group | grep admin
    ulsreport:x:115:admin
    sshusers:x:1001:admin

Commenting the initgroups line:

    arthur ~ # id admin
    uid=1002(admin) gid=100(users) groups=100(users),115(ulsreport),1001(sshusers)

Or updating initgroups to "db [SUCCESS=continue] files mysql"

    arthur ~ # id admin
    uid=1002(admin) gid=100(users) groups=100(users),115(ulsreport)

Oops, that should be "db [SUCCESS=continue] files [SUCCESS=continue] mysql"

    arthur ~ # id admin
    uid=1002(admin) gid=100(users) groups=100(users),115(ulsreport),1001(sshusers)

My point being that's now two things to keep in sync when the default with a commented initgroups works adequately. My script now comments initgroups standard, was just caught off guard by the change, just hoping to avoid same for someone else.

RHEL itself is also having issues with this. I again request if we can please take action to comment initgroups in /etc/nsswitch.conf by default please.

https://bugzilla.redhat.com/show_bug.cgi?id=751450

Can you file the upstream bug report and explain your use case and desired changes? https://sourceware.org/bugzilla/ (glibc component)
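
The group/initgroups mismatch reported in this thread can be caught by a configuration check before it silently drops a supplementary group such as sshusers. The Python below is an added example, not part of the bug thread or of glibc; the function names are hypothetical, and the rule that sources after a successful one are skipped unless [SUCCESS=continue] is set is taken only from the `id` output quoted above.

```python
import re

# A token is either a bracketed action list or a service name.
TOKEN = re.compile(r"\[[^\]]*\]|[^\s\[\]]+")

def parse_nsswitch(text):
    """Map each uncommented database to [(service, 'status=action ...'), ...]."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, spec = line.split(":", 1)
        sources = []
        for tok in TOKEN.findall(spec):
            if not tok.startswith("["):
                sources.append((tok, ""))
            elif sources:  # an action list applies to the service before it
                svc, acts = sources[-1]
                sources[-1] = (svc, f"{acts} {tok[1:-1].lower()}")
        dbs[name.strip()] = sources
    return dbs

def audit_initgroups(text):
    """Report ways an explicit initgroups line can hide groups that `group` serves."""
    dbs = parse_nsswitch(text)
    if "initgroups" not in dbs:
        return []  # absent or commented out: the thread shows all groups listed
    init = dbs["initgroups"]
    names = [svc for svc, _ in init]
    findings = [f"'{svc}' is in group but not in initgroups"
                for svc, _ in dbs.get("group", []) if svc not in names]
    # Assumption taken from the thread's output: once a source succeeds,
    # later sources are consulted only if it carries [SUCCESS=continue].
    for svc, acts in init[:-1]:
        if "success=continue" not in acts.split():
            findings.append(f"'{svc}' lacks [SUCCESS=continue]; later sources may be skipped")
    return findings

if __name__ == "__main__":
    # The three initgroups variants quoted in the thread.
    for init in ("db [SUCCESS=continue] files",
                 "db [SUCCESS=continue] files mysql",
                 "db [SUCCESS=continue] files [SUCCESS=continue] mysql"):
        conf = f"group: db files mysql\ninitgroups: {init}\n"
        print(init, "->", audit_initgroups(conf) or "consistent")
```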