cron daemon caches user-non-existent lookup results, causing "ORPHAN" message and skipping jobs for all LDAP/NIS-defined users
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cron (Debian) |
Fix Released
|
Undecided
|
Unassigned | ||
cron (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Barry Warsaw | ||
Maverick |
Won't Fix
|
Medium
|
Unassigned | ||
Natty |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
== SRU Justification ==
* Impact: users being defined on remote user databases such as LDAP will not be able to access to their cron jobs and these will be marked as orphaned unless cron is restarted. The impact is severe for users relying on cron and using LDAP.
* Fix:
The fix was implemented in Fedora's cronie. It implements a list orphan which allows to describe jobs as being orphaned or not depending on whether the owner is found or not.
* Test case:
How to reproduce:
1. Setup an LDAP remote directory and add a user to test.
2. Create a crontab for this user with some jobs.
3. When a reboot happens, this user will have its jobs orphaned.
Expected results:
- the cron table is read and jobs are to be executed when required.
Actual results:
- the cron table / jobs are marked as orphaned.
* Regression potential: very minimal, the fix only adds a list adding a new description to the jobs, these are described as orphans and are checked when necessary.
* Original bug description:
We had a server which was happily running Hoary. It authenticated to our AD2003
domain using winbind, and winbind was in the nsswitch.conf. However, after
upgrading to Breezy, cron no longer works properly, in that it doesn't respect
accounts from winbind as being valid accounts. My logs are filling up with
messages like:
Dec 22 09:52:01 thorin /usr/sbin/
Dec 22 09:52:01 thorin /usr/sbin/
Dec 22 09:55:01 thorin /usr/sbin/
Dec 22 09:55:01 thorin /usr/sbin/
If you do "id user1", their information shows up perfectly fine, so it seems
like cron has been changed to not respect this source of information.
Related branches
Changed in cron: | |
assignee: | nobody → adconrad |
Changed in cron: | |
assignee: | adconrad → nobody |
summary: |
- cron no longer respects nsswitch.conf + cron daemon starts before LDAP client, causing "ORPHAN" message for all + LDAP users |
summary: |
cron daemon starts before LDAP client, causing "ORPHAN" message for all - LDAP users + LDAP-defined users |
summary: |
- cron daemon starts before LDAP/NIS client, causing "ORPHAN" message for - all LDAP/NIS-defined users + cron daemon caches user-non-existent lookup results, causing "ORPHAN" + message and skipping jobs for all LDAP/NIS-defined users |
Changed in cron (Debian): | |
status: | New → Fix Released |
Changed in cron (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in cron (Ubuntu Maverick): | |
status: | New → Triaged |
status: | Triaged → In Progress |
Changed in cron (Ubuntu Natty): | |
status: | New → Triaged |
Changed in cron (Ubuntu Maverick): | |
status: | In Progress → Triaged |
Changed in cron (Ubuntu Lucid): | |
status: | Confirmed → Triaged |
importance: | Undecided → Medium |
Changed in cron (Ubuntu Maverick): | |
importance: | Undecided → Medium |
Changed in cron (Ubuntu Natty): | |
importance: | Undecided → Medium |
Changed in cron (Ubuntu Lucid): | |
assignee: | nobody → Barry Warsaw (barry) |
Changed in cron (Ubuntu Maverick): | |
assignee: | nobody → Barry Warsaw (barry) |
Changed in cron (Ubuntu Natty): | |
assignee: | nobody → Barry Warsaw (barry) |
Changed in cron (Ubuntu Lucid): | |
status: | Triaged → In Progress |
Changed in cron (Ubuntu Maverick): | |
status: | Triaged → In Progress |
Changed in cron (Ubuntu Natty): | |
status: | Triaged → In Progress |
tags: | added: verification-needed |
tags: |
added: verification-done removed: verification-needed |
Just to get an update, is anyone looking into this for Dapper?