Race condition on boot between cups and sssd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cups (Ubuntu) |
Fix Released
|
Medium
|
Victor Tapia | ||
Xenial |
Fix Released
|
Medium
|
Victor Tapia | ||
Bionic |
Fix Released
|
Medium
|
Victor Tapia | ||
Cosmic |
Fix Released
|
Medium
|
Victor Tapia | ||
Disco |
Fix Released
|
Medium
|
Victor Tapia | ||
Eoan |
Fix Released
|
Medium
|
Victor Tapia |
Bug Description
[Impact]
* When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist.
* The patch adds an "After=
[Test Case]
* Configure an external authentication service (LDAP, AD...) and create a group, for instance "<email address hidden>"
* Set SystemGroup to match that group in /etc/cups/
SystemGroup <email address hidden>
* Reboot
* If cups has started before sssd has finished booting, cups will crash:
Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "<email address hidden>" on line 19 of /etc/cups/
* If cups starts after sssd, it will work fine.
[Regression Potential]
* Minimal: this patch affects just the ordering of the service unit file.
[Other Info]
* Upstream: https:/
[Original description]
When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named <email address hidden> served from Active Directory through sssd, if the sssd service hasn't booted before cups:
Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler.
Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler.
Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally.
Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "<email address hidden>" on line 19 of /etc/cups/
Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/
Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE
Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'.
Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart.
Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2.
Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally...
Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally.
Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler.
If sssd is running before cups starts, everything works as expected.
Changed in cups (Ubuntu Eoan): | |
importance: | Undecided → Medium |
status: | New → In Progress |
assignee: | nobody → Victor Tapia (vtapia) |
Changed in cups (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in cups (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in cups (Ubuntu Cosmic): | |
importance: | Undecided → Medium |
Changed in cups (Ubuntu Disco): | |
importance: | Undecided → Medium |
Changed in cups (Ubuntu Disco): | |
assignee: | nobody → Victor Tapia (vtapia) |
Changed in cups (Ubuntu Cosmic): | |
assignee: | nobody → Victor Tapia (vtapia) |
Changed in cups (Ubuntu Bionic): | |
assignee: | nobody → Victor Tapia (vtapia) |
Changed in cups (Ubuntu Xenial): | |
assignee: | nobody → Victor Tapia (vtapia) |
tags: |
added: verification-done-bionic removed: verification-needed-bionic |
tags: |
added: verification-needed-bionic verification-xenial removed: verification-done-bionic verification-needed-xenial |
tags: |
added: verification-done-xenial removed: verification-xenial |
tags: |
added: verification-done-bionic removed: verification-needed-bionic |
tags: |
added: verification-done-cosmic removed: verification-needed-cosmic |
tags: |
added: verification-done verification-done-disco removed: verification-needed verification-needed-disco |
There is a debian->ubuntu sync right now in eoan-proposed.
I'll sponsor it once the actual sync is completed and found in eoan-releases.
Meanwhile, could you please report a bug and forward the patch to debian to make sure the problem is fix to prevent re-introducing the issue at next debian->ubuntu sync/merge.
- Eric