[Freeipa-users] EXTERNAL: Re: Usernames not being seen on IPA Master

Jakub Hrozek jhrozek at redhat.com
Thu Apr 16 13:55:40 UTC 2015


On Thu, Apr 16, 2015 at 01:42:52PM +0000, Joseph, Matthew (EXP) wrote:
> Hey Jakub,
> 
> Getent passwd returns all of the IPA users when searching either the username or UID.
> Yes, I know that permissions are defined by UID/GID; I used a new UID that has not been previously used for this new account for this test.
> 
> Good to know, I disabled the nscd service.
> 
> Here is the output of the strace for chown on a directory.
> 
> execve("/bin/chown", ["chown", "wpooh", "/home/wpooh"], [/* 32 vars */]) = 0
> brk(0)                                  = 0x1095000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b698000
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3)                                = 0
> open("/lib64/libc.so.6", O_RDONLY)      = 3
> read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\341\0044\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=1918016, ...}) = 0
> mmap(0x3404e00000, 3741864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3404e00000
> mprotect(0x3404f89000, 2093056, PROT_NONE) = 0
> mmap(0x3405188000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x188000) = 0x3405188000
> mmap(0x340518d000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x340518d000
> close(3)                                = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b674000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b673000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b672000
> arch_prctl(ARCH_SET_FS, 0x7f5f4b673700) = 0
> mprotect(0x3405188000, 16384, PROT_READ) = 0
> mprotect(0x340481f000, 4096, PROT_READ) = 0
> munmap(0x7f5f4b675000, 142486)          = 0
> brk(0)                                  = 0x1095000
> brk(0x10b6000)                          = 0x10b6000
> open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
> mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f457e1000
> close(3)                                = 0
> socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
> close(3)                                = 0
> socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
> close(3)                                = 0
> open("/etc/nsswitch.conf", O_RDONLY)    = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=1734, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000
> read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1734
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0x7f5f4b697000, 4096)            = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3)                                = 0
> open("/lib64/libnss_files.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
> mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f455d3000
> mprotect(0x7f5f455df000, 2097152, PROT_NONE) = 0
> mmap(0x7f5f457df000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f5f457df000
> close(3)                                = 0
> mprotect(0x7f5f457df000, 4096, PROT_READ) = 0
> munmap(0x7f5f4b675000, 142486)          = 0
> open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
> fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
> fstat(3, {st_mode=S_IFREG|0644, st_size=3404, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000
> read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3404
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0x7f5f4b697000, 4096)            = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3)                                = 0
> open("/lib64/libnss_ldap.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\25\0\0\0\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=44328, ...}) = 0
> mmap(NULL, 2139496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f453c8000
> mprotect(0x7f5f453d3000, 2093056, PROT_NONE) = 0
> mmap(0x7f5f455d2000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f5f455d2000
> close(3)                                = 0
> munmap(0x7f5f4b675000, 142486)          = 0
> socket(PF_FILE, SOCK_STREAM, 0)         = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = -1 ENOENT (No such file or directory)
> close(3)                                = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3)                                = 0
> open("/lib64/libnss_sss.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \22\0\0\0\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=23792, ...}) = 0
> mmap(NULL, 2119312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f451c2000
> mprotect(0x7f5f451c8000, 2093056, PROT_NONE) = 0
> mmap(0x7f5f453c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f5f453c7000
> close(3)                                = 0
> munmap(0x7f5f4b675000, 142486)          = 0
> getpid()                                = 20913
> fstat(-1, 0x7fff2d84dca0)               = -1 EBADF (Bad file descriptor)
> socket(PF_FILE, SOCK_STREAM, 0)         = 3
> fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
> fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
> fcntl(3, F_GETFD)                       = 0
> fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
> connect(3, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
> fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\1\0\0\0", 4)                 = 4
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\1\0\0\0", 4)                  = 4
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\26\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "wpooh\0", 6)                  = 6
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "J\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\1\0\0\0\0\0\0\0(\n\0\0\320\7\0\0wpooh\0*\0Winnie P"..., 58) = 58
> newfstatat(AT_FDCWD, "/home/wpooh", {st_mode=S_IFDIR|S_ISUID|S_ISGID|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
> fchownat(AT_FDCWD, "/home/wpooh", 2600, 4294967295, 0) = -1 EINVAL (Invalid argument)

So fchownat is called with UID 2600, GID 4294967295 and flags 0 and
returns EINVAL. The fchownat() manpage says that EINVAL is returned when
"Invalid flag specified in flags". 0 is certainly a valid flag, so I
assume it must be something else (the manpage also says that "Depending
on the filesystem, errors other than those listed below can be
returned.")

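What UID and GID does the user have? The GID seems suspicious to me,
it's 2^32 - 1, which shouldn't happen as a real GID (although chown(2)
also uses -1, i.e. 4294967295 as an unsigned 32-bit value, to mean
"leave the group unchanged", which is what chown passes when only an
owner is given).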

Does the same error happen with all files (i.e. touch /tmp/somefile, chown
/tmp/somefile)?



