localapps with groups longer than 32 characters
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
LTSP5 |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial
server packages:
ii ldm-server 2:2.2.18-1
un ltsp-client <none>
un ltsp-client-core <none>
ii ltsp-docs 1.2-1
ii ltsp-server 5.5.7-1ubuntu1
ii ltsp-server-
un ltsp-utils <none>
ii ltspfs 1.4-2
packages in chroot: /opt/ltsp/amd64
ii ldm 2:2.2.18-1
un ldm-themes <none>
ii ldm-ubuntu-theme 2:2.0.47
un ldm-ubuntu-themes <none>
ii ltsp-client 5.5.7-1ubuntu1
ii ltsp-client-core 5.5.7-1ubuntu1
ii ltspfsd 1.4-2
ii ltspfsd-core 1.4-2
powerbroker identity services (pbis-open) product version: 8.7.478.50.
Security groups in Active Directory exceed the 32 character limit. This is ONLY a problem on the client while trying to run localapps as the /opt/ltsp/
/opt/ltsp/
# Get the groups that the user belongs to, and create them locally.
# groupadd doesn't permit some of the characters used in LDAP, AD etc,
# so we may have to use a temporary valid group name, and sed afterwards.
primary_
sed_list=""
group_list=""
while IFS=':' read gr_name dummy gr_gid dummy; do
if is_valid_name "$gr_name"; then
else
s:$groupadd_
fi
if [ "$gr_gid" -le 500 ]; then
else
fi
groupadd --force $system_group --gid "$gr_gid" "$groupadd_name"
# Remember the user's primary group name for useradd
test "$gr_gid" -eq "$pw_gid" && primary_
group_
done <<EOF
$(ssh_run '/usr/bin/getent group $(/usr/bin/id -G)')
EOF
change to:
# Get the groups that the user belongs to, and create them locally.
# groupadd doesn't permit some of the characters used in LDAP, AD etc,
# so we may have to use a temporary valid group name, and sed afterwards.
primary_
sed_list=""
group_list=""
while IFS=':' read gr_name dummy gr_gid dummy; do
if [ ${#gr_name} -le 31 ]; then
if is_valid_name "$gr_name"; then
else
s:$groupadd_
fi
if [ "$gr_gid" -le 500 ]; then
else
fi
groupadd --force $system_group --gid "$gr_gid" "$groupadd_name"
# Remember the user's primary group name for useradd
test "$gr_gid" -eq "$pw_gid" && primary_
group_
fi
done <<EOF
$(ssh_run '/usr/bin/getent group $(/usr/bin/id -G)')
EOF
will fix the problem by skipping these groups. They are not important for the client permissions but are important in AD for other systems.
The other option would be to test the length in is_valid_name() and let it get a temporary name instead.
Changed in ltsp: | |
importance: | Undecided → Low |
The cleaner approach is to use the is_valid_name function to also check for length, which should resolve the issue.