From: Luca Boccassi Date: Thu, 4 Jul 2024 09:23:04 +0000 (+0100) Subject: sysusers: handle NSS errors gracefully X-Git-Tag: v257-rc1~965 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fc9938d6f8e7081df5420bf88bf98f683b1391c0;p=thirdparty%2Fsystemd.git sysusers: handle NSS errors gracefully If the io.systemd.DynamicUser or io.systemd.Machine files exist, but nothing is listening on them, the nss-systemd module returns ECONNREFUSED and systemd-sysusers fails to creat the user/group. This is problematic when ran by packaging scripts, as the package assumes that after this has run, the user/group exist and can be used. adduser does not fail in the same situation. Change sysusers to print a loud warning but otherwise continue when NSS returns an error. --- diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index b3fde5097e3..da97f333dee 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -1042,7 +1042,7 @@ static int uid_is_ok( if (r >= 0) return 0; if (r != -ESRCH) - return r; + log_warning_errno(r, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", uid); if (check_with_gid) { r = getgrgid_malloc((gid_t) uid, &g); @@ -1050,7 +1050,7 @@ static int uid_is_ok( if (!streq(g->gr_name, name)) return 0; } else if (r != -ESRCH) - return r; + log_warning_errno(r, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", uid); } } @@ -1155,7 +1155,7 @@ static int add_user(Context *c, Item *i) { return 0; } if (r != -ESRCH) - return log_error_errno(r, "Failed to check if user %s already exists: %m", i->name); + log_warning_errno(r, "Unexpected failure while looking up user '%s' via NSS, assuming it doesn't exist: %m", i->name); } /* Try to use the suggested numeric UID */ @@ -1275,14 +1275,14 @@ static int gid_is_ok( if (r >= 0) return 0; if (r != -ESRCH) - return r; + log_warning_errno(r, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid); if (check_with_uid) { r = getpwuid_malloc(gid, /* ret= */ NULL); if (r >= 0) return 0; if (r != -ESRCH) - return r; + log_warning_errno(r, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid); } } @@ -1317,7 +1317,7 @@ static int get_gid_by_name( return 0; } if (r != -ESRCH) - return log_error_errno(r, "Failed to check if group %s already exists: %m", name); + log_warning_errno(r, "Unexpected failure while looking up group '%s' via NSS, assuming it doesn't exist: %m", name); } return -ENOENT; diff --git a/test/units/TEST-74-AUX-UTILS.sysusers.sh b/test/units/TEST-74-AUX-UTILS.sysusers.sh new file mode 100755 index 00000000000..dcd29938b53 --- /dev/null +++ b/test/units/TEST-74-AUX-UTILS.sysusers.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -eux +set -o pipefail + +# shellcheck source=test/units/util.sh +. "$(dirname "$0")"/util.sh + +at_exit() { + set +e + userdel -r foobarbaz + umount /run/systemd/userdb/ +} + +# Check that we indeed run under root to make the rest of the test work +[[ "$(id -u)" -eq 0 ]] + +trap at_exit EXIT + +# Ensure that a non-responsive NSS socket doesn't make sysusers fail +mount -t tmpfs tmpfs /run/systemd/userdb/ +touch /run/systemd/userdb/io.systemd.DynamicUser +echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers - +grep -q foobarbaz /etc/passwd