[Freeipa-users] EXTERNAL: Re: Usernames not being seen on IPA Master
Joseph, Matthew (EXP)
matthew.joseph at lmco.com
Thu Apr 16 13:59:50 UTC 2015
The UID is 2600 and the GID is 2000. It's a common group which all of our users are in.
Yeah the error comes when trying to change ownership of files/directory (new or old).
Just seems a bit odd the replica server is able to change ownership of files/directories fine.
Matt
-----Original Message-----
From: Jakub Hrozek [mailto:jhrozek at redhat.com]
Sent: Thursday, April 16, 2015 10:56 AM
To: Joseph, Matthew (EXP)
Cc: freeipa-users at redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Usernames not being seen on IPA Master
On Thu, Apr 16, 2015 at 01:42:52PM +0000, Joseph, Matthew (EXP) wrote:
> Hey Jakub,
>
> Getent passwd returns all of the IPA users when searching either the username or UID.
> Yes I know that permissions are defined by UID/GID, used a new UID that has not been previously used for this new account for this test.
>
> Good to know, I disabled the nscd service.
>
> Here is the output of the strace for chown on a directory.
>
> execve("/bin/chown", ["chown", "wpooh", "/home/wpooh"], [/* 32 vars */]) = 0
> brk(0) = 0x1095000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b698000
> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3) = 0
> open("/lib64/libc.so.6", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\341\0044\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=1918016, ...}) = 0
> mmap(0x3404e00000, 3741864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3404e00000
> mprotect(0x3404f89000, 2093056, PROT_NONE) = 0
> mmap(0x3405188000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x188000) = 0x3405188000
> mmap(0x340518d000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x340518d000
> close(3) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b674000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b673000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b672000
> arch_prctl(ARCH_SET_FS, 0x7f5f4b673700) = 0
> mprotect(0x3405188000, 16384, PROT_READ) = 0
> mprotect(0x340481f000, 4096, PROT_READ) = 0
> munmap(0x7f5f4b675000, 142486) = 0
> brk(0) = 0x1095000
> brk(0x10b6000) = 0x10b6000
> open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
> mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f457e1000
> close(3) = 0
> socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
> close(3) = 0
> socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
> close(3) = 0
> open("/etc/nsswitch.conf", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=1734, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000
> read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1734
> read(3, "", 4096) = 0
> close(3) = 0
> munmap(0x7f5f4b697000, 4096) = 0
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3) = 0
> open("/lib64/libnss_files.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
> mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f455d3000
> mprotect(0x7f5f455df000, 2097152, PROT_NONE) = 0
> mmap(0x7f5f457df000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f5f457df000
> close(3) = 0
> mprotect(0x7f5f457df000, 4096, PROT_READ) = 0
> munmap(0x7f5f4b675000, 142486) = 0
> open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
> fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
> fstat(3, {st_mode=S_IFREG|0644, st_size=3404, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000
> read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3404
> read(3, "", 4096) = 0
> close(3) = 0
> munmap(0x7f5f4b697000, 4096) = 0
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3) = 0
> open("/lib64/libnss_ldap.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\25\0\0\0\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=44328, ...}) = 0
> mmap(NULL, 2139496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f453c8000
> mprotect(0x7f5f453d3000, 2093056, PROT_NONE) = 0
> mmap(0x7f5f455d2000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f5f455d2000
> close(3) = 0
> munmap(0x7f5f4b675000, 142486) = 0
> socket(PF_FILE, SOCK_STREAM, 0) = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = -1 ENOENT (No such file or directory)
> close(3) = 0
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3) = 0
> open("/lib64/libnss_sss.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \22\0\0\0\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=23792, ...}) = 0
> mmap(NULL, 2119312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f451c2000
> mprotect(0x7f5f451c8000, 2093056, PROT_NONE) = 0
> mmap(0x7f5f453c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f5f453c7000
> close(3) = 0
> munmap(0x7f5f4b675000, 142486) = 0
> getpid() = 20913
> fstat(-1, 0x7fff2d84dca0) = -1 EBADF (Bad file descriptor)
> socket(PF_FILE, SOCK_STREAM, 0) = 3
> fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
> fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
> fcntl(3, F_GETFD) = 0
> fcntl(3, F_SETFD, FD_CLOEXEC) = 0
> connect(3, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
> fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\1\0\0\0", 4) = 4
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\1\0\0\0", 4) = 4
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\26\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "wpooh\0", 6) = 6
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "J\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\1\0\0\0\0\0\0\0(\n\0\0\320\7\0\0wpooh\0*\0Winnie P"..., 58) = 58
> newfstatat(AT_FDCWD, "/home/wpooh", {st_mode=S_IFDIR|S_ISUID|S_ISGID|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
> fchownat(AT_FDCWD, "/home/wpooh", 2600, 4294967295, 0) = -1 EINVAL (Invalid argument)
So fchownat is called with UID 2600, GID 4294967295 and flags 0 and
returns EINVAL. The fchownat() manpage says that EINVAL is returned when
"Invalid flag specified in flags". 0 is certainly a valid flag, so I
assume it must be something else (the manpage also says that "Depending
on the filesystem, errors other than those listed below can be
returned.")
What UID and GID does the user have? The GID seems suspicious to me,
it's 2^32, which shouldn't happen.
Does the same error happen with all files (ie touch /tmp/somefile, chown
/tmp/somefile) ?
More information about the Freeipa-users
mailing list