134323 – NSCD not flushing caches on local user/group operations

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 134323 - NSCD not flushing caches on local user/group operations

Summary: NSCD not flushing caches on local user/group operations

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	shadow-utils
Sub Component:
Version:	rawhide
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Peter Vrabec
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FC4Target
TreeView+	depends on / blocked

Reported:	2004-10-01 12:43 UTC by Nicolas Troncoso Carrere
Modified:	2007-11-30 22:10 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-05-23 15:03:48 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
nscd -d -d -d output when installing postgresql-server (deleted) 2004-10-07 04:41 UTC, Nicolas Troncoso Carrere	no flags	Details
shadow-4.0.7-nscd-socket-path.patch (deleted) 2005-05-21 08:52 UTC, Jakub Jelinek	no flags	Details \| Diff
View All

Description Nicolas Troncoso Carrere 2004-10-01 12:43:34 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040808 Firefox/0.9.3

Description of problem:
When i tried to install postgressql-server the creation of the
postgres user would fail, rendering the postgresql-sever instalation
unuseful.

If nscd service is stoped the problem can not be reproduced, that's
why i think its a nscd issue.

Version-Release number of selected component (if applicable):
nscd-2.3.3 from glibc-2.3.3-27.src.rpm

How reproducible:
Always

Steps to Reproduce:
1. Use LDAP authentication
2. Enable NSCD caching
3. Install postgresql-server on a clean instalation. (the whole point
is that the postgres user must no existe yet).
    

Actual Results:  rpm complains that user postgres does no exist and
uses root as default. Big no no.

Expected Results:  Clean rpm exit

Additional info:

Using LDAP authetication
Enabling nscd cache (if not the 40 clients en up hanging the master
server)

Comment 1 Ulrich Drepper 2004-10-06 04:49:12 UTC

Please do the following:

~ start with a clean slate
~ stop nscd
~ run, by hand as root

    /usr/sbin/nscd -d -d -d

  this won't terminate

~ in another terminal perform the installation

Attach the output of the nscd run to this bug.

Comment 2 Nicolas Troncoso Carrere 2004-10-07 04:41:58 UTC

Created attachment 104880 [details]
nscd -d -d -d output when installing postgresql-server

Comment 3 Oliver Falk 2005-05-21 07:40:46 UTC

It's now some time ago, that the bug was reported and the bug still is alive! 
I have it on FC3 as well on my FCDevel Box. 

I also received a mail mentioning this:
nscd in FC has been patched to prune the password, group and hosts caches when 
it receives a SIGHUP, and shadow-utils has been patched to HUP nscd on 
relevant operations.
http://cvs.fedora.redhat.com/viewcvs/devel/glibc/glibc-fedora.patch?
rev=.&view=auto
http://cvs.fedora.redhat.com/viewcvs/devel/shadow-utils/shadow-4.0.3-
nscd.patch?rev=.&view=auto

There was a bug at FC2'ish time where the nscd pid file had moved so that the 
HUP never happened.  But that was fixed last year...
https://bugzilla.redhat.com/125421

Comment 4 Oliver Falk 2005-05-21 07:52:11 UTC

More Info:

My versions:
glibc-2.3.5-6
nscd-2.3.5-6
shadow-utils-4.0.7-7

Example:
rpm -Uvh test-0.1-1.i386.rpm
Preparing...                ########################################### [100%]
   1:test                   warning: group test does not exist - using root3%)
########################################### [100%]
warning: group test does not exist - using root

rpm -qp --scripts test-0.1-1.i386.rpm
preinstall scriptlet (using /bin/sh):
groupadd -r test >/dev/null 2>&1
postuninstall scriptlet (using /bin/sh):
groupdel test >/dev/null 2>&1

Comment 5 Ville Skyttä 2005-05-21 08:20:27 UTC

LDAP does not seem to play a part in this, so adjusting summary.

Anyway, this problem has resurfaced in FC4t3 (it doesn't occur in FC3). 
Reproducer (no LDAP configured, just using OOTB FC4t3 configuration):

  # /etc/init.d/nscd start
  # /usr/sbin/useradd test
  # /usr/sbin/userdel test
  userdel: user test does not exist
  # /usr/sbin/nscd -i passwd
  # /usr/sbin/userdel test
  # (works)

I straced useradd, and it does not appear to look for the nscd PID file in order
to HUP it any more.  So probably this is a shadow-utils bug, dunno.  No messages
in syslog or audit.log.

Comment 6 Jakub Jelinek 2005-05-21 08:48:09 UTC

This is a bug in shadow-utils.  It seems 4.0.7 now instead of HUPing nscd
connects to its socket directly and requests invalidation.
But, nscd almost 2 years ago changed the location of its socket.

Comment 7 Jakub Jelinek 2005-05-21 08:52:27 UTC

Created attachment 114666 [details]
shadow-4.0.7-nscd-socket-path.patch

Untested fix.
I think this ought to be fixed for FC4, it is a regression from FC3.

Note You need to log in before you can comment on or make changes to this bug.