Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1519132 - sssd: group resolution breakage when sss used as compat module in nsswitch.conf
Summary: sssd: group resolution breakage when sss used as compat module in nsswitch.conf
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.9
Hardware: x86_64
OS: Unspecified
unspecified
urgent
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: sssd-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-30 08:53 UTC by amitkuma
Modified: 2018-01-31 20:53 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-01-31 20:53:04 UTC


Attachments (Terms of Use)

Description amitkuma 2017-11-30 08:53:26 UTC
Description of problem:
After specifying compat mode for passwd,shadow,group inside nsswitch.conf. If we try to add 30 users from script it fails.
But if we add users individually it succeeds.

# cat /etc/nsswitch.conf
passwd: compat
shadow: compat
group: compat
passwd_compat: sss
shadow_compat: sss
group_compat: sss
#initgroups: files
# groupadd -g 510 gwheel
# groupadd -g 550 gadmin
# useradd -g gadmin -G gwheel u-adm1
# cat /etc/passwd 
u-adm1:x:1000:550::/home/u-adm1:/bin/bash
# cat test-script
for i in {2..30} ; do useradd -g gadmin -G gwheel u-adm$i ; done
# chmod +x test-script
# ./test-script 
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist
useradd: group 'gadmin' does not exist

Version-Release number of selected component (if applicable):
shadow-utils-4.1.5.1-5.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure nsswitch.conf as:    //No need to configure sssd
# cat /etc/nsswitch.conf
passwd: compat
shadow: compat
group: compat
passwd_compat: sss
shadow_compat: sss
2. Create 2 groups
# groupadd -g 510 gwheel
# groupadd -g 550 gadmin
3. Add 30 users making gwheel as primary group & gadmin as secondary group of users.
for i in {2..30} ; do useradd -g gadmin -G gwheel u-adm$i ; done
4. Scripts reports error
useradd: group 'gadmin' does not exist

Actual results:
Error is reported by useradd/usermod etc

Expected results:
Error should not be reported by useradd/usermod etc

Additional info:

Comment 2 Tomas Mraz 2017-11-30 12:30:10 UTC
For reproducability it is crucial to have the sssd-client package installed. SSSD does not have to be configured and running though. I believe this is some bug within libnss_sss.

Comment 3 Tomas Mraz 2017-11-30 12:37:40 UTC
Also note that the issue is of course not that the useradd is run from a script but that the failure happens once there are 15 members (u-adm1,u-adm2,u-adm3,u-adm4,u-adm5,u-adm6,u-adm7,u-adm8,u-adm9,u-adm10,u-adm11,u-adm12,u-adm13,u-adm14,u-adm15) of the gwheel group. After that the issue can be reproduced for any following similar invocation of useradd even when run from command-line.

Comment 4 Jakub Hrozek 2017-11-30 21:43:32 UTC
Thank you for the bug report and the reproducer. I know have a C program that reproduces the bug reliably, but I'm still not sure where the issue is..


Note You need to log in before you can comment on or make changes to this bug.