Bug#416442: marked as done (libc6: Wrong groups applied to user)

To: Aurelien Jarno <aurelien@aurel32.net>
Subject: Bug#416442: marked as done (libc6: Wrong groups applied to user)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 06 Apr 2007 16:06:22 +0000
Message-id: <[🔎] handler.416442.D416442.11758755107949.ackdone@bugs.debian.org>
References: <46166FA8.9010603@aurel32.net> <20070327223825.6F0614006A@ampere.mt4>

Your message dated Fri, 06 Apr 2007 18:04:56 +0200
with message-id <46166FA8.9010603@aurel32.net>
and subject line Bug#416442: libc6: Wrong groups applied to user
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6: Wrong groups applied to user
From: Fabio Pugliese Ornellas <fabio.ornellas@gmail.com>
Date: Tue, 27 Mar 2007 19:38:25 -0300
Message-id: <20070327223825.6F0614006A@ampere.mt4>

Package: libc6
Version: 2.3.6.ds1-13
Severity: normal

Hello,

I have been expiriencing some gorup problems. The best way to explain,
is showing this:

gilson@ampere:/home/fabio$ id
uid=1003(gilson) gid=1003(gilson)
grupos=4(adm),108(cvs-archive),109(cvs-archive-adm),110(cvs-playground),111(cvs-playground-adm),112(cvs-chassiv3),113(cvs-chassiv3-adm),114(cvs-chassiv3-chassiv3),115(cvs-chassiv3-intranet2006),116(cvs-archive-sadia),117(cvs-archive-aldorebelo),118(cvs-archive-agenda),119(cvs-archive-zennex),120(cvs-archive-chassi),121(cvs-archive-spinelli),122(cvs-chassiv2),123(cvs-chassiv2-adm),124(cvs-chassiv2-spinelli),125(cvs-chassiv2-chassiv2),126(cvs-chassiv2-samesadia),127(cvs-chassiv2-intranet),136(cvs-infra-adm),137(cvs-infra-hins),138(cvs-infra-hims),139(cvs-infra-libsyshealth),140(cvs-infra-rtshm),141(cvs-infra-rsbkp),142(cvs-infra-scrap),143(cvs-playground-appexemplo),1003(gilson),1005(chassi_v3),1006(intranet2006)
gilson@ampere:/home/fabio$ id gilson
uid=1003(gilson) gid=1003(gilson)
grupos=1003(gilson),136(cvs-infra-adm),137(cvs-infra-hins),138(cvs-infra-hims),139(cvs-infra-libsyshealth),140(cvs-infra-rtshm),141(cvs-infra-rsbkp),142(cvs-infra-scrap),143(cvs-playground-appexemplo),4(adm),1005(chassi_v3),1006(intranet2006),108(cvs-archive),109(cvs-archive-adm),110(cvs-playground),111(cvs-playground-adm),112(cvs-chassiv3),113(cvs-chassiv3-adm),114(cvs-chassiv3-chassiv3),115(cvs-chassiv3-intranet2006),116(cvs-archive-sadia),117(cvs-archive-aldorebelo),118(cvs-archive-agenda),119(cvs-archive-zennex),120(cvs-archive-chassi),121(cvs-archive-spinelli),122(cvs-chassiv2),123(cvs-chassiv2-adm),124(cvs-chassiv2-spinelli),125(cvs-chassiv2-chassiv2),126(cvs-chassiv2-samesadia),127(cvs-chassiv2-intranet),128(cvs-chassiv2-spinelli2),129(cvs-chassiv2-sadia2005),130(cvs-playground-campeonato),131(cvs-playground-treinamento),132(cvs-archive-bb),133(cvs-archive-projetos),134(cvs-archive-bain),135(cvs-infra)
gilson@ampere:/home/fabio$

As you can see, the group list differs. And the list that is actually
applying is the shortest one. So, the user have not enough rights to
work. In theory, both command should output exactly the same groups.

I looked all over /etc/passwd and /etc/group for a reason. I did not
touched my /etc/nsswitch.conf, so AFAIK the previous files should apply.
There are no strange chars on group / user names (only 7bit ASCII chars,
I even checked both files with a HEX editor).

Here are the containts of both files:

/etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
fabio:x:1000:1000:Fabio Pugliese Ornellas,,,:/home/fabio:/bin/bash
sshd:x:100:65534::/var/run/sshd:/bin/false
postfix:x:101:104::/var/spool/postfix:/bin/false
dovecot:x:106:106:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
marcelo:x:1001:1001:marcelo nascimento pinto,,,:/home/marcelo:/bin/bash
mysql:x:103:107:MySQL Server,,,:/var/lib/mysql:/bin/false
gilson:x:1003:1003:Gilson,,,:/home/gilson:/bin/bash
ncagnoli:x:1004:1004:Nestor Andres Cagnoli
Junio,,,:/home/ncagnoli:/bin/bash
chassi_v3:x:1005:1005:,,,:/home/chassi_v3:/bin/false
intranet2006:x:1006:1006:,,,:/home/intranet2006:/bin/false

/etc/group
cvs-infra-adm:x:136:gilson
cvs-infra-hins:x:137:gilson
cvs-infra-hims:x:138:gilson
cvs-infra-libsyshealth:x:139:gilson
cvs-infra-rtshm:x:140:gilson
cvs-infra-rsbkp:x:141:gilson
cvs-infra-scrap:x:142:gilson
cvs-playground-appexemplo:x:143:gilson
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:fabio,gilson
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:fabio
fax:x:21:
voice:x:22:
cdrom:x:24:fabio
floppy:x:25:fabio
tape:x:26:
sudo:x:27:
audio:x:29:fabio
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:fabio
sasl:x:45:
plugdev:x:46:fabio
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
fabio:x:1000:
ssh:x:103:
postfix:x:104:
postdrop:x:105:
dovecot:x:106:
marcelo:x:1001:
mysql:x:107:
gilson:x:1003:
ncagnoli:x:1004:
chassi_v3:x:1005:gilson,www-data
intranet2006:x:1006:gilson,www-data
cvs-archive:x:108:gilson
cvs-archive-adm:x:109:gilson
cvs-playground:x:110:gilson
cvs-playground-adm:x:111:gilson
cvs-chassiv3:x:112:gilson
cvs-chassiv3-adm:x:113:gilson
cvs-chassiv3-chassiv3:x:114:gilson
cvs-chassiv3-intranet2006:x:115:gilson
cvs-archive-sadia:x:116:gilson
cvs-archive-aldorebelo:x:117:gilson
cvs-archive-agenda:x:118:gilson
cvs-archive-zennex:x:119:gilson
cvs-archive-chassi:x:120:gilson
cvs-archive-spinelli:x:121:gilson
cvs-chassiv2:x:122:gilson
cvs-chassiv2-adm:x:123:gilson
cvs-chassiv2-spinelli:x:124:gilson
cvs-chassiv2-chassiv2:x:125:gilson
cvs-chassiv2-samesadia:x:126:gilson
cvs-chassiv2-intranet:x:127:gilson
cvs-chassiv2-spinelli2:x:128:gilson
cvs-chassiv2-sadia2005:x:129:gilson
cvs-playground-campeonato:x:130:gilson
cvs-playground-treinamento:x:131:gilson
cvs-archive-bb:x:132:gilson
cvs-archive-projetos:x:133:gilson
cvs-archive-bain:x:134:gilson
cvs-infra:x:135:gilson

I made some manual tests (using vigr) and noticed that any groups added
at the end of /etc/gorup do not work. For example, I just moved group
audio to the end and the users in the group had no audio group rights.

I guessed the bug would be at glibc (it happened either using su gilson,
logging on a virtual console via getty or via ssh). I made the following
packages upgrade (from full up to date sarge system):

initrd-tools            0.1.81.1                0.1.84.2
libc6                   2.3.2.ds1-22sarge5      2.3.6.ds1-13
libc6-dev               2.3.2.ds1-22sarge5      2.3.6.ds1-13
locales                 2.3.2.ds1-22sarge5      2.3.6.ds1-13

and as requirement, installed the following extra packages:

libdevmapper1.02        2:1.02.08-1
tzdata                  2007b-1
libsepol1               1.14-2
libselinux1             1.32-3

and guess what:

gilson@ampere:/home/fabio$ id
uid=1003(gilson) gid=1003(gilson)
grupos=4(adm),108(cvs-archive),109(cvs-archive-adm),110(cvs-playground),111(cvs-playground-adm),112(cvs-chassiv3),113(cvs-chassiv3-adm),114(cvs-chassiv3-chassiv3),115(cvs-chassiv3-intranet2006),116(cvs-archive-sadia),117(cvs-archive-aldorebelo),118(cvs-archive-agenda),119(cvs-archive-zennex),120(cvs-archive-chassi),121(cvs-archive-spinelli),122(cvs-chassiv2),123(cvs-chassiv2-adm),124(cvs-chassiv2-spinelli),125(cvs-chassiv2-chassiv2),126(cvs-chassiv2-samesadia),127(cvs-chassiv2-intranet),128(cvs-chassiv2-spinelli2),129(cvs-chassiv2-sadia2005),130(cvs-playground-campeonato),131(cvs-playground-treinamento),132(cvs-archive-bb),133(cvs-archive-projetos),134(cvs-archive-bain),135(cvs-infra),136(cvs-infra-adm),137(cvs-infra-hins),138(cvs-infra-hims),139(cvs-infra-libsyshealth),140(cvs-infra-rtshm),141(cvs-infra-rsbkp),142(cvs-infra-scrap),143(cvs-playground-appexemplo),1003(gilson),1005(chassi_v3),1006(intranet2006)
gilson@ampere:/home/fabio$ id gilson
uid=1003(gilson) gid=1003(gilson)
grupos=1003(gilson),136(cvs-infra-adm),137(cvs-infra-hins),138(cvs-infra-hims),139(cvs-infra-libsyshealth),140(cvs-infra-rtshm),141(cvs-infra-rsbkp),142(cvs-infra-scrap),143(cvs-playground-appexemplo),4(adm),1005(chassi_v3),1006(intranet2006),108(cvs-archive),109(cvs-archive-adm),110(cvs-playground),111(cvs-playground-adm),112(cvs-chassiv3),113(cvs-chassiv3-adm),114(cvs-chassiv3-chassiv3),115(cvs-chassiv3-intranet2006),116(cvs-archive-sadia),117(cvs-archive-aldorebelo),118(cvs-archive-agenda),119(cvs-archive-zennex),120(cvs-archive-chassi),121(cvs-archive-spinelli),122(cvs-chassiv2),123(cvs-chassiv2-adm),124(cvs-chassiv2-spinelli),125(cvs-chassiv2-chassiv2),126(cvs-chassiv2-samesadia),127(cvs-chassiv2-intranet),128(cvs-chassiv2-spinelli2),129(cvs-chassiv2-sadia2005),130(cvs-playground-campeonato),131(cvs-playground-treinamento),132(cvs-archive-bb),133(cvs-archive-projetos),134(cvs-archive-bain),135(cvs-infra)
gilson@ampere:/home/fabio$

Now it works! Surely there is some bug on sarge's glibc.

I can help with any further information you may need to solve this.

Thank you.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686
Locale: LANG=pt_BR, LC_CTYPE=pt_BR (charmap=ISO-8859-1)

Versions of packages libc6 depends on:
ii  tzdata                        2007b-1    Time Zone and Daylight Saving Time

-- no debconf information

--- End Message ---

--- Begin Message ---

To: Stephen Gran <sgran@debian.org>, 416442-done@bugs.debian.org

Cc: Fabio Pugliese Ornellas <fabio.ornellas@gmail.com>

Subject: Re: Bug#416442: libc6: Wrong groups applied to user

From: Aurelien Jarno <aurelien@aurel32.net>

Date: Fri, 06 Apr 2007 18:04:56 +0200

Message-id: <46166FA8.9010603@aurel32.net>

In-reply-to: <20070327232001.GA25472@www.lobefin.net>

References: <20070327223825.6F0614006A@ampere.mt4> <20070327232001.GA25472@www.lobefin.net>
Version: 2.3.6ds1-13
thanks

Stephen Gran a écrit :
> This one time, at band camp, Fabio Pugliese Ornellas said:
>> Hello,
>>
>> I have been expiriencing some gorup problems. The best way to explain,
>> is showing this:
> 
> [snip]
> 
>> As you can see, the group list differs. And the list that is actually
>> applying is the shortest one. So, the user have not enough rights to
>> work. In theory, both command should output exactly the same groups.
> 
> Yes, sarge's glibc had a fixed length of 32 for group membership.  There
> is still a fixed length in etch, but it is much bigger.

Yep I confirm that. Marking the bug as fixed in Etch.

-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net
--- End Message ---

Reply to:

Prev by Date: Processed: Re: Bug#374945 closed by Aurelien Jarno <aurel32@debian.org> (Bug#374945: fixed in glibc 2.5-0exp4)
Next by Date: Bug#418058: iconv: half-smart on ascii compatible code conversion (latin1, shift-jis, ...)
Previous by thread: Processed: Re: Bug#374945 closed by Aurelien Jarno <aurel32@debian.org> (Bug#374945: fixed in glibc 2.5-0exp4)
Next by thread: Bug#418058: iconv: half-smart on ascii compatible code conversion (latin1, shift-jis, ...)
Index(es):
- Date
- Thread