
Commit dffa62c

committed
sysusers: handle NSS errors gracefully
If the io.systemd.DynamicUser or io.systemd.Machine files exist, but nothing is listening on them, the nss-systemd module returns ECONNREFUSED and systemd-sysusers fails to create the user/group. This is problematic when run by packaging scripts, as the package assumes that after this has run, the user/group exist and can be used. adduser does not fail in the same situation. Change sysusers to print a loud warning but otherwise continue when NSS returns an error. (cherry picked from commit fc9938d) (cherry picked from commit abba1e6) (cherry picked from commit 0f51875)
1 parent 083380e commit dffa62c


2 files changed

+30
-6
lines changed


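--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -995,7 +995,7 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) {
 if (p)
 return 0;
 if (!IN_SET(errno, 0, ENOENT))
-return -errno;
+log_warning_errno(errno, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
 
 if (check_with_gid) {
 errno = 0;
@@ -1004,7 +1004,7 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) {
 if (!streq(g->gr_name, name))
 return 0;
 } else if (!IN_SET(errno, 0, ENOENT))
-return -errno;
+log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
 }
 }
 
@@ -1109,7 +1109,7 @@ static int add_user(Item *i) {
 return 0;
 }
 if (!errno_is_not_exists(errno))
-return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
+log_warning_errno(errno, "Unexpected failure while looking up user '%s' via NSS, assuming it doesn't exist: %m", i->name);
 }
 
 /* Try to use the suggested numeric UID */
@@ -1225,15 +1225,15 @@ static int gid_is_ok(gid_t gid, const char *groupname, bool check_with_uid) {
 if (g)
 return 0;
 if (!IN_SET(errno, 0, ENOENT))
-return -errno;
+log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
 
 if (check_with_uid) {
 errno = 0;
 p = getpwuid((uid_t) gid);
 if (p)
 return 0;
 if (!IN_SET(errno, 0, ENOENT))
-return -errno;
+log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
 }
 }
 
@@ -1263,7 +1263,7 @@ static int get_gid_by_name(const char *name, gid_t *gid) {
 return 0;
 }
 if (!errno_is_not_exists(errno))
-return log_error_errno(errno, "Failed to check if group %s already exists: %m", name);
+log_warning_errno(errno, "Unexpected failure while looking up group '%s' via NSS, assuming it doesn't exist: %m", name);
 }
 
 return -ENOENT;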
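Review bot: Every errno other than 0/ENOENT is now treated as "does not exist" in uid_is_ok(), gid_is_ok(), add_user() and get_gid_by_name(), so these lookups fail open on any NSS error rather than only on the ECONNREFUSED case the commit message describes. If some other NSS backend fails transiently (presumably possible for directory-backed modules; confirm which errors they surface), sysusers can allocate a name or numeric ID that already belongs to an account it could not see, leaving two identities sharing one UID/GID. Consider keeping the hard failure and tolerating only the known-benign error: guard the new `log_warning_errno(...)` call with `if (errno == ECONNREFUSED)` and keep `else if (!IN_SET(errno, 0, ENOENT)) return -errno;` behind it. Separately, the warning after `p = getpwuid((uid_t) gid);` in gid_is_ok() says "looking up GID" although that lookup is by UID, which will mislead whoever reads the log. The bodies of all four functions start and end outside the hunks shown here.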
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
#!/usr/bin/env bash
2+
# SPDX-License-Identifier: LGPL-2.1-or-later
3+
set -eux
4+
set -o pipefail
5+
6+
# shellcheck source=test/units/util.sh
7+
. "$(dirname "$0")"/util.sh
8+
9+
at_exit() {
10+
set +e
11+
userdel -r foobarbaz
12+
umount /run/systemd/userdb/
13+
}
14+
15+
# Check that we indeed run under root to make the rest of the test work
16+
[[ "$(id -u)" -eq 0 ]]
17+
18+
trap at_exit EXIT
19+
20+
# Ensure that a non-responsive NSS socket doesn't make sysusers fail
21+
mount -t tmpfs tmpfs /run/systemd/userdb/
22+
touch /run/systemd/userdb/io.systemd.DynamicUser
23+
echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers -
24+
grep -q foobarbaz /etc/passwd
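Review bot: The final check `grep -q foobarbaz /etc/passwd` matches the string anywhere on any line, so it also passes on a leftover or unrelated entry; `grep -q '^foobarbaz:' /etc/passwd` pins it to the account name. The test also never asserts that the NSS failure path actually ran: if nss-systemd is not active in the test image's NSS configuration, sysusers succeeds without reaching the new warning branches, so capturing the output and checking for the "Unexpected failure while looking up" message would make this a real regression test. Finally, `trap at_exit EXIT` is installed before the `mount`, so a failed mount still runs `umount /run/systemd/userdb/` against whatever was mounted there before; installing the trap only after the mount succeeds avoids that.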
