Invisible symbols in sssd upstart config causes sssd to not start if /bin/sh is a link to /bin/bash

Bug #1003845 reported by TORNADO on 2012-05-24
This bug affects 7 people
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)
Timo Aaltonen

Bug Description

prevents the daemon from starting when /bin/sh is bash

[Test case]
change /bin/sh to point to bash, run 'start sssd'

[Regression potential]
small, it's an obvious packaging bug


This problem appeared when I changed /bin/sh link to /bin/bash. Somehow dash tolerates this bug described below.

When trying to start sssd I've got:

root@ubuntu-precise:~# start sssd
start: Job failed to start

The only trace in syslog was:

May 24 11:11:59 ubuntu-precise kernel: [66576.880595] init: sssd pre-start process (9782) terminated with status 2

I've took a look on /etc/init/sssd.conf and everything looks ok, but after some play I make it to start, and this is the difference to the original:

root@ubuntu-precise:/etc/init# diff sssd.conf sssd.conf.orig
< test -f /etc/sssd/sssd.conf || { stop; exit 0; }
> test -f /etc/sssd/sssd.conf || { stop; exit 0; }

This looks bizzare for me, so I tried that:

root@ubuntu-precise:/etc/init# cat -A sssd.conf|grep test
^Itest -f /etc/sssd/sssd.conf || { stop; exit 0; }$
root@ubuntu-precise:/etc/init# cat -A sssd.conf.orig|grep test
^Itest -f /etc/sssd/sssd.conf ||M-BM- { stop; exit 0; }$

I have no idea what does "M-BM-" stand for, but I'm sure this is not how it should be.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: sssd 1.8.2-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Thu May 24 11:02:44 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
 PATH=(custom, no user)
SourcePackage: sssd
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.init.sssd.conf: 2012-05-24T10:54:11.246378

TORNADO (tornado-torn) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sssd (Ubuntu):
status: New → Confirmed
TORNADO (tornado-torn) on 2012-05-24
description: updated
description: updated
TORNADO (tornado-torn) wrote :

Attaching the original sssd.conf from /etc/init/

Timo Aaltonen (tjaalton) wrote :

thanks, don't know where it came from.. committed to git.

Changed in sssd (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package sssd - 1.8.3-0ubuntu1

sssd (1.8.3-0ubuntu1) quantal; urgency=low

  * Merge from Debian git, remaining changes:
    - control, rules: Drop libsemanage-dev from build-depends, it's not
      in main. Configure --with-semanage=no.

sssd (1.8.3-1) UNRELEASED; urgency=low

  * New upstream bugfix release 1.8.2.
    - Several fixes to case-insensitive domain functions
    - Fix for GSSAPI binds when the keytab contains unrelated
    - Fixed several segfaults
    - Workarounds added for LDAP servers with unreadable RootDSE
    - SSH knownhostproxy will no longer enter an infinite loop
      preventing login
    - The provided SYSV init script now starts SSSD earlier at startup
      and stops it later during shutdown
    - Assorted minor fixes for issues discovered by static analysis
  * New upstream bugfix release 1.8.3.
    - Numerous manpage and translation updates
    - LDAP: Handle situations where the RootDSE isn't available anonymously
    - LDAP: Fix regression for users using non-standard LDAP attributes for
      user information
  * control: Move the dependency of libsasl2-modules-gssapi-mit to
  * control: sssd works with Heimdal gssapi modules too, add
    libsasl2-modules-gssapi-mit as an option for the Recommends.
    (LP: #966146)
  * libpam-sss.pam-auth-update:
    - Drop the dependency to 128, since pam_sss should always be below
      pam_unix. (LP: #957486)
    - Drop 'use_authtok' from the password stack, since it only works when
      pam_cracklib is installed. This will allow password changes on the
      default install.
  * sssd.postrm: Try to remove /etc/sssd only if it exists.
    (Closes: #666226)
  * Add disabled by default Apparmor profile (LP: #933342)
    - debian/ load the profile during pre-start
    - add debian/apparmor-profile, install to /etc/apparmor.d
    - debian/rules: use dh_apparmor to install profile before sssd is
    - debian/control: sssd Suggests apparmor (>= 2.3)
    - debian/control: Add dh-apparmor to build-depends
    - debian/sssd.preinst: disable profile on clean install or upgrades
      from earlier than when we shipped the profile
  * rules: Mangle the date stamp on pam_sss.8 so that the compressed file is
    identical across all archs. (Closes: #670019)
  * control: Add build-depends on libnl-dev to enable Netlink support.
  * control: Add build-depends on libkeyutil-dev to enable support for
    kernel keyring manipulation.
  * sssd.logrotate: Rotate logs weekly, keep four previous rotations.
    (Closes: #672984)
  * Pull patches from the stable branch to fix an issue that results in broken
    credential cache (LP: #985031)
    - patches/fix-upstream-1298.diff
      If canon'ing principals, write ccache with updated default principal
    - patches/fix-upstream-1297.diff
      Limit krb5_get_init_creds_keytab() to etypes in keytab
    - patches/fix-upstream-1330.diff
      KRB5: Avoid NULL-dereference with empty keytab
  * patches/fix-upstream-1343.diff
    - LDAP nested groups: Do not process callback with _post deep in the nested
      structure (LP: #981125)


Changed in sssd (Ubuntu):
status: Fix Committed → Fix Released
Timo Aaltonen (tjaalton) on 2012-05-24
Changed in sssd (Ubuntu Precise):
importance: Undecided → Medium
status: New → In Progress
Ballock (ballock) wrote :

Hello, Timo,

Is there any chance of having it backported to Precise?


Ove Risberg (ove-risberg) wrote :

Run the attached "non-breaking-space" script with /bin/sh, /bin/dash and /bin/bash.

All of them complains and and none of them prints out "Test".
Both /bin/sh and /bin/dash continues and print out "Hello" and exit with exitstatus 0.
Bash will crash and exit with exit status 2

Run the attached "normal-space" script with /bin/sh, /bin/dash and /bin/bash.

All of them prints out both "Test" and "Hello" and exit with exitstatus 0.

The difference between the two scripts is that one of them contains one UTF-8 non-breaking space just like the sssd.conf file.

Ove Risberg (ove-risberg) wrote :
Ove Risberg (ove-risberg) wrote :
Timo Aaltonen (tjaalton) wrote :

Uploaded a new package for precise to

please test, it'll get SRU'd next.

Changed in sssd (Ubuntu Precise):
status: In Progress → Incomplete
Timo Aaltonen (tjaalton) on 2012-11-21
Changed in sssd (Ubuntu Precise):
assignee: nobody → Timo Aaltonen (tjaalton)
status: Incomplete → In Progress
status: In Progress → Incomplete
Timo Aaltonen (tjaalton) on 2012-12-04
description: updated
Changed in sssd (Ubuntu Precise):
status: Incomplete → In Progress

Hello TORNADO, or anyone else affected,

Accepted sssd into precise-proposed. The package will build now and be available at in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at . Thank you in advance!

Changed in sssd (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Timo Aaltonen (tjaalton) wrote :

verified myself

tags: added: verification-done
removed: verification-needed
Timo Aaltonen (tjaalton) wrote :

This bug was fixed in the package sssd - 1.8.6-0ubuntu0.2

sssd (1.8.6-0ubuntu0.2) precise-proposed; urgency=low

  * rules: Really install the new pam-auth-update file for password
    changes. (LP: #1086272)
  * rules: Pass --datadir, so the path in autogenerated python files is
    correctly substituted. (LP: #1079938)

Changed in sssd (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers