Comment 0 for bug 1902236

Simon Déziel (sdeziel) wrote:

* Summary

systemd's NSS integration causes getent passwd/group to return duplicated entries for root/root and nobody/nogroup. The root account also gets a different shell (/bin/sh instead of /bin/bash).

* Steps to reproduce:

1) create a container
$ lxc launch images:ubuntu/focal test-nobody
2) check the root and nobody accounts
$ lxc exec test-nobody -- getent passwd | grep -E '^(root|nobody):'
3) check the root and nogroup groups
$ lxc exec test-nobody -- getent group | grep -E '^(root|nogroup):'

2 and 3 should report a single entry for each account/group but they return dups like this:

root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/:/usr/sbin/nologin

* Description

The problem seems to come from the NSS integration:

$ lxc exec test-nobody -- grep -wF systemd /etc/nsswitch.conf
passwd: files systemd
group: files systemd

as the /etc/passwd and /etc/group files contain no dups:

$ lxc exec test-nobody -- grep ^nobody: /etc/passwd
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
$ lxc exec test-nobody -- grep ^nogroup: /etc/group
nogroup:x:65534:

Removing systemd from /etc/nsswitch.conf indeed removes the dup.

An alternative way of seeing what systemd adds on top of the flat files:

$ lxc exec test-nobody -- bash -c 'diff -u /etc/passwd <(getent passwd)'
--- /etc/passwd 2020-10-30 13:07:52.219261001 +0000
+++ /dev/fd/63 2020-10-30 13:29:38.396928732 +0000
@@ -24,3 +24,5 @@
 _apt:x:105:65534::/nonexistent:/usr/sbin/nologin
 ubuntu:x:1000:1000::/home/ubuntu:/bin/bash
 systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
+root:x:0:0:root:/root:/bin/sh
+nobody:x:65534:65534:nobody:/:/usr/sbin/nologin

$ lxc exec test-nobody -- bash -c 'diff -u /etc/group <(getent group)'
--- /etc/group 2020-10-30 13:07:52.211261089 +0000
+++ /dev/fd/63 2020-10-30 13:29:45.892846747 +0000
@@ -50,3 +50,5 @@
 ubuntu:x:1000:
 ssh:x:111:
 systemd-coredump:x:999:
+root:x:0:
+nogroup:x:65534:
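
Added example, not part of the original bug report: a small checker that takes `getent passwd` or `getent group` output and reports every name returned more than once, along with the fields that differ between the copies (such as the root shell above). The function name and the sample constants are illustrative; the sample lines are assembled from the output quoted in the report.

```python
"""Flag names that NSS returns more than once, and which fields disagree."""
from collections import defaultdict

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
GROUP_FIELDS = ("name", "passwd", "gid", "members")

# Sample input assembled from the getent output quoted in the report.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
ubuntu:x:1000:1000::/home/ubuntu:/bin/bash
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/:/usr/sbin/nologin
"""
SAMPLE_GROUP = """\
root:x:0:
nogroup:x:65534:
ubuntu:x:1000:
root:x:0:
nogroup:x:65534:
"""


def find_duplicates(text, fields):
    """Return {name: [fields that differ]} for each name listed more than once.

    An empty list means the repeated entries are byte-for-byte identical.
    """
    seen = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"unexpected field count in {line!r}")
        seen[parts[0]].append(dict(zip(fields, parts)))
    report = {}
    for name, entries in seen.items():
        if len(entries) > 1:
            # A field "differs" when the copies do not all carry the same value.
            report[name] = [f for f in fields if len({e[f] for e in entries}) > 1]
    return report


if __name__ == "__main__":
    for label, text, fields in (("passwd", SAMPLE_PASSWD, PASSWD_FIELDS),
                                ("group", SAMPLE_GROUP, GROUP_FIELDS)):
        for name, diff in find_duplicates(text, fields).items():
            print(f"{label}: {name} duplicated; differing fields: {diff or 'none'}")
```

On a live system, the same function can be fed the captured output of `getent passwd` or `getent group` in place of the sample strings.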