Duplicated root and nobody returned by getent on Focal
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd |
Fix Released
|
Unknown
|
|||
systemd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Dan Streetman |
Bug Description
[impact]
getent password or getent group returns duplicate, false/synthesized, entries for root and nobody
[test case]
root@lp1902236-f:~# getent passwd | grep root
root:x:
root:x:
root@lp1902236-f:~# getent group | grep root
root:x:0:
root:x:0:
root@lp1902236-f:~# getent passwd | grep nobody
nobody:
nobody:
root@lp1902236-f:~# getent group | grep nogroup
nogroup:x:65534:
nogroup:x:65534:
[regression potential]
any regression would likely result in incorrect results to calls to getent or other programs using libnss-systemd
[scope]
this is needed only for f
this was fixed upstream by commit 9494da41c271bb9
b and earlier doesn't show the duplication.
[original description]
* Summary
systemd's NSS integration causes getent passwd/group to return duplicated entries for root/root and nobody/nogroup. The root account also gets a different shell (/bin/sh instead of /bin/bash).
* Steps to reproduce:
1) create a container
$ lxc launch images:ubuntu/focal test-nobody
2) check the root and nobody accounts
$ lxc exec test-nobody -- getent passwd | grep -E '^(root|nobody):'
3) check the root and nogroup groups
$ lxc exec test-nobody -- getent group | grep -E '^(root|nogroup):'
2 and 3 should report a single entry for each account/group but they return dups like this:
root:x:
nobody:
root:x:
nobody:
* Description
The problem seems to come from the NSS integration:
$ lxc exec test-nobody -- grep -wF systemd /etc/nsswitch.conf
passwd: files systemd
group: files systemd
as the /etc/passwd and /etc/group file contain no dups:
$ lxc exec test-nobody -- grep ^nobody: /etc/passwd
nobody:
$ lxc exec test-nobody -- grep ^nogroup: /etc/group
nogroup:x:65534:
Removing systemd from /etc/nsswitch.conf indeed removes the dup.
An alternative way of seeing what systemd adds on top of the flat files:
$ lxc exec test-nobody -- bash -c 'diff -u /etc/passwd <(getent passwd)'
--- /etc/passwd 2020-10-30 13:07:52.219261001 +0000
+++ /dev/fd/63 2020-10-30 13:29:38.396928732 +0000
@@ -24,3 +24,5 @@
_apt:x:
ubuntu:
systemd-
+root:x:
+nobody:
$ lxc exec test-nobody -- bash -c 'diff -u /etc/group <(getent group)'
--- /etc/group 2020-10-30 13:07:52.211261089 +0000
+++ /dev/fd/63 2020-10-30 13:29:45.892846747 +0000
@@ -50,3 +50,5 @@
ubuntu:x:1000:
ssh:x:111:
systemd-
+root:x:0:
+nogroup:x:65534:
* Additional information
This bug seems to occur on Focal alone as Bionic and Groovy are not affected.
$ lsb_release -rd
Description: Ubuntu 20.04.1 LTS
Release: 20.04
$ apt-cache policy base-passwd systemd
base-passwd:
Installed: 3.5.47
Candidate: 3.5.47
Version table:
*** 3.5.47 500
500 http://
100 /var/lib/
systemd:
Installed: 245.4-4ubuntu3.2
Candidate: 245.4-4ubuntu3.2
Version table:
*** 245.4-4ubuntu3.2 500
500 http://
100 /var/lib/
245.4-4ubuntu3 500
500 http://
description: | updated |
description: | updated |
Changed in systemd (Ubuntu): | |
assignee: | nobody → Dan Streetman (ddstreet) |
importance: | Undecided → Medium |
assignee: | Dan Streetman (ddstreet) → nobody |
importance: | Medium → Undecided |
Changed in systemd (Ubuntu Focal): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Dan Streetman (ddstreet) |
Changed in systemd: | |
status: | Unknown → Fix Released |
per comment in bug description, marking as affecting only focal