snapd

getent does not support extrausers on uc18

Bug #1889092 reported by Ian Johnson
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
snapd
Won't Fix
Undecided
Unassigned
glibc (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

for example, see this test:

```
user@coreimg:~$ snap run --shell docker
user@coreimg:/home/user$ grep docker /var/lib/extrausers/group
docker:x:113:
user@coreimg:/home/user$ grep docker /etc/group
user@coreimg:/home/user$ getent group docker
user@coreimg:/home/user$
```

with a modified version of the core18 snap to move the docker gid definition from /etc/group to /var/lib/extrausers/group, this was based on the edge channel revision 1888 on arm64.

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

All of extrausers logic seems to be in the patch ./debian/patches/1010_extrausers.patch of the shadow source package. I wonder if this is simply lost in the ubuntu 18.04 archive (I had this patch on 20.10). Should this be something we ask foundations to SRU?

Changed in snapd:
status: New → Confirmed
Revision history for this message
Ian Johnson (anonymouse67) wrote :

I added glibc since getent seems to come from libc-bin, which launchpad tells me is tracked with glibc package?

Anyways, yes I think this is something we should strongly consider backporting if the patch is already available in (at latest) groovy.

Revision history for this message
Ian Johnson (anonymouse67) wrote :

The patch does not seem to be in focal, at least it is not in the current core20 snap.

Revision history for this message
James Henstridge (jamesh) wrote :

getent isn't the problem here: it is just returning whatever data the nameservice switch provides.

The underlying cause is that libnss-extrausers ignores entries in the extrausers database that have a uid or gid less than 500:

https://git.launchpad.net/ubuntu/+source/libnss-extrausers/tree/s_config.h

The docker user and group as defined fall into that category.

It's not at all clear that it's a good idea to have low ID users and groups in extrausers anyway: it seems like it's just asking for conflicts with future updates of the base snap.

Revision history for this message
Ian Johnson (anonymouse67) wrote :

As explained by James, this is not really a bug with getent or nss-extrausers, it is operating by design, as such closing this bug.

Changed in snapd:
status: Confirmed → Won't Fix
Changed in glibc (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.