
sysusers: handle NSS errors gracefully

If the io.systemd.DynamicUser or io.systemd.Machine files exist,
but nothing is listening on them, the nss-systemd module returns
ECONNREFUSED and systemd-sysusers fails to create the user/group.

This is problematic when run by packaging scripts, as the package
assumes that after this has run, the user/group exist and can
be used. adduser does not fail in the same situation.

Change sysusers to print a loud warning but otherwise continue
when NSS returns an error.

(cherry picked from commit fc9938d6f8e7081df5420bf88bf98f683b1391c0)
(cherry picked from commit abba1e6bc29b7e07354ca23906c6f485ba245a1a)
(cherry picked from commit 0f518750a44dc4b2987ecc0cea4b3d848ac46ee9)
(cherry picked from commit dffa62c85fb644c649f68b2c8f02b1d8440d2a9d)
Luca Boccassi 2024-07-04 10:23:04 +01:00 committed by Luca Boccassi
parent d7c1b80c68
commit dfbd2c78af
2 changed files with 30 additions and 6 deletions


@ -989,7 +989,7 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) {
if (p)
return 0;
if (!IN_SET(errno, 0, ENOENT))
return -errno;
log_warning_errno(errno, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
if (check_with_gid) {
errno = 0;
@ -998,7 +998,7 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) {
if (!streq(g->gr_name, name))
return 0;
} else if (!IN_SET(errno, 0, ENOENT))
return -errno;
log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
}
}
@ -1103,7 +1103,7 @@ static int add_user(Item *i) {
return 0;
}
if (!errno_is_not_exists(errno))
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
log_warning_errno(errno, "Unexpected failure while looking up user '%s' via NSS, assuming it doesn't exist: %m", i->name);
}
/* Try to use the suggested numeric UID */
@ -1219,7 +1219,7 @@ static int gid_is_ok(gid_t gid, const char *groupname, bool check_with_uid) {
if (g)
return 0;
if (!IN_SET(errno, 0, ENOENT))
return -errno;
log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
if (check_with_uid) {
errno = 0;
@ -1227,7 +1227,7 @@ static int gid_is_ok(gid_t gid, const char *groupname, bool check_with_uid) {
if (p)
return 0;
if (!IN_SET(errno, 0, ENOENT))
return -errno;
log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
}
}
@ -1257,7 +1257,7 @@ static int get_gid_by_name(const char *name, gid_t *gid) {
return 0;
}
if (!errno_is_not_exists(errno))
return log_error_errno(errno, "Failed to check if group %s already exists: %m", name);
log_warning_errno(errno, "Unexpected failure while looking up group '%s' via NSS, assuming it doesn't exist: %m", name);
}
return -ENOENT;
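Review bot: Every NSS errno other than 0/ENOENT is now read as "does not exist" in all six hunks (uid_is_ok, add_user, gid_is_ok, get_gid_by_name), which is wider than the ECONNREFUSED case the description names. A transient failure of some other NSS source would presumably let sysusers allocate a UID, GID or name that is already taken there, with the warning as the only trace. Consider tolerating only the dead-socket case, e.g. `if (!IN_SET(errno, 0, ENOENT, ECONNREFUSED)) return -errno;` followed by `if (errno == ECONNREFUSED) log_warning_errno(...);`, and keep the hard failure for everything else. Separately, the second gid_is_ok hunk tests `p` under `check_with_uid`, so it appears to be the passwd lookup and its message should say `UID '" UID_FMT "'` rather than GID. All of these functions begin and end outside the visible hunks.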


@ -0,0 +1,24 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -eux
set -o pipefail
# shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh
at_exit() {
set +e
userdel -r foobarbaz
umount /run/systemd/userdb/
}
# Check that we indeed run under root to make the rest of the test work
[[ "$(id -u)" -eq 0 ]]
trap at_exit EXIT
# Ensure that a non-responsive NSS socket doesn't make sysusers fail
mount -t tmpfs tmpfs /run/systemd/userdb/
touch /run/systemd/userdb/io.systemd.DynamicUser
echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers -
grep -q foobarbaz /etc/passwd
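Review bot: The final check `grep -q foobarbaz /etc/passwd` matches the string anywhere in the file, and the test never asserts that the new warning was emitted, so it would still pass if the NSS lookup were skipped silently or the socket path stopped being consulted. Anchor the match with `grep -q '^foobarbaz:' /etc/passwd`. Also capture the sysusers output and grep it for `Unexpected failure while looking up`, so the test pins the one signal an operator has that the existence check was bypassed.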