© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
The issue was introduced with https:/
Basically, the previous group validation was done using glibc's getgrid directly, which was presumably coping well with the RO status of /etc/group, but that poses consistency problems because you could add a local user to a network group. That PR changed this to only check the local /etc/group file contents manually instead.
Sadly, it doesn't cope well with our extrausers feature on multiple levels:
* The manual code fails hard if it can't lock the files
* We presumably have local groups defined in multiple places, which the code doesn't allow for.
A quickfix would be:
* Move the validation to until *after* parsing all of the options
* Revert back to the previous approach to validate groups if in extrausers mode
A more involved fix would be to replace that with an approach that would check both /etc/group and the extrausers equivalent when validating groups, while silently ignoring locking failures.