Bug#416442: libc6: Wrong groups applied to user

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#416442: libc6: Wrong groups applied to user
From: Fabio Pugliese Ornellas <fabio.ornellas@gmail.com>
Date: Tue, 27 Mar 2007 19:38:25 -0300
Message-id: <[🔎] 20070327223825.6F0614006A@ampere.mt4>
Reply-to: Fabio Pugliese Ornellas <fabio.ornellas@gmail.com>, 416442@bugs.debian.org
Package: libc6
Version: 2.3.6.ds1-13
Severity: normal

Hello,

I have been expiriencing some gorup problems. The best way to explain,
is showing this:

gilson@ampere:/home/fabio$ id
uid=1003(gilson) gid=1003(gilson)
grupos=4(adm),108(cvs-archive),109(cvs-archive-adm),110(cvs-playground),111(cvs-playground-adm),112(cvs-chassiv3),113(cvs-chassiv3-adm),114(cvs-chassiv3-chassiv3),115(cvs-chassiv3-intranet2006),116(cvs-archive-sadia),117(cvs-archive-aldorebelo),118(cvs-archive-agenda),119(cvs-archive-zennex),120(cvs-archive-chassi),121(cvs-archive-spinelli),122(cvs-chassiv2),123(cvs-chassiv2-adm),124(cvs-chassiv2-spinelli),125(cvs-chassiv2-chassiv2),126(cvs-chassiv2-samesadia),127(cvs-chassiv2-intranet),136(cvs-infra-adm),137(cvs-infra-hins),138(cvs-infra-hims),139(cvs-infra-libsyshealth),140(cvs-infra-rtshm),141(cvs-infra-rsbkp),142(cvs-infra-scrap),143(cvs-playground-appexemplo),1003(gilson),1005(chassi_v3),1006(intranet2006)
gilson@ampere:/home/fabio$ id gilson
uid=1003(gilson) gid=1003(gilson)
grupos=1003(gilson),136(cvs-infra-adm),137(cvs-infra-hins),138(cvs-infra-hims),139(cvs-infra-libsyshealth),140(cvs-infra-rtshm),141(cvs-infra-rsbkp),142(cvs-infra-scrap),143(cvs-playground-appexemplo),4(adm),1005(chassi_v3),1006(intranet2006),108(cvs-archive),109(cvs-archive-adm),110(cvs-playground),111(cvs-playground-adm),112(cvs-chassiv3),113(cvs-chassiv3-adm),114(cvs-chassiv3-chassiv3),115(cvs-chassiv3-intranet2006),116(cvs-archive-sadia),117(cvs-archive-aldorebelo),118(cvs-archive-agenda),119(cvs-archive-zennex),120(cvs-archive-chassi),121(cvs-archive-spinelli),122(cvs-chassiv2),123(cvs-chassiv2-adm),124(cvs-chassiv2-spinelli),125(cvs-chassiv2-chassiv2),126(cvs-chassiv2-samesadia),127(cvs-chassiv2-intranet),128(cvs-chassiv2-spinelli2),129(cvs-chassiv2-sadia2005),130(cvs-playground-campeonato),131(cvs-playground-treinamento),132(cvs-archive-bb),133(cvs-archive-projetos),134(cvs-archive-bain),135(cvs-infra)
gilson@ampere:/home/fabio$

As you can see, the group list differs. And the list that is actually
applying is the shortest one. So, the user have not enough rights to
work. In theory, both command should output exactly the same groups.

I looked all over /etc/passwd and /etc/group for a reason. I did not
touched my /etc/nsswitch.conf, so AFAIK the previous files should apply.
There are no strange chars on group / user names (only 7bit ASCII chars,
I even checked both files with a HEX editor).

Here are the containts of both files:

/etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
fabio:x:1000:1000:Fabio Pugliese Ornellas,,,:/home/fabio:/bin/bash
sshd:x:100:65534::/var/run/sshd:/bin/false
postfix:x:101:104::/var/spool/postfix:/bin/false
dovecot:x:106:106:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
marcelo:x:1001:1001:marcelo nascimento pinto,,,:/home/marcelo:/bin/bash
mysql:x:103:107:MySQL Server,,,:/var/lib/mysql:/bin/false
gilson:x:1003:1003:Gilson,,,:/home/gilson:/bin/bash
ncagnoli:x:1004:1004:Nestor Andres Cagnoli
Junio,,,:/home/ncagnoli:/bin/bash
chassi_v3:x:1005:1005:,,,:/home/chassi_v3:/bin/false
intranet2006:x:1006:1006:,,,:/home/intranet2006:/bin/false

/etc/group
cvs-infra-adm:x:136:gilson
cvs-infra-hins:x:137:gilson
cvs-infra-hims:x:138:gilson
cvs-infra-libsyshealth:x:139:gilson
cvs-infra-rtshm:x:140:gilson
cvs-infra-rsbkp:x:141:gilson
cvs-infra-scrap:x:142:gilson
cvs-playground-appexemplo:x:143:gilson
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:fabio,gilson
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:fabio
fax:x:21:
voice:x:22:
cdrom:x:24:fabio
floppy:x:25:fabio
tape:x:26:
sudo:x:27:
audio:x:29:fabio
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:fabio
sasl:x:45:
plugdev:x:46:fabio
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
fabio:x:1000:
ssh:x:103:
postfix:x:104:
postdrop:x:105:
dovecot:x:106:
marcelo:x:1001:
mysql:x:107:
gilson:x:1003:
ncagnoli:x:1004:
chassi_v3:x:1005:gilson,www-data
intranet2006:x:1006:gilson,www-data
cvs-archive:x:108:gilson
cvs-archive-adm:x:109:gilson
cvs-playground:x:110:gilson
cvs-playground-adm:x:111:gilson
cvs-chassiv3:x:112:gilson
cvs-chassiv3-adm:x:113:gilson
cvs-chassiv3-chassiv3:x:114:gilson
cvs-chassiv3-intranet2006:x:115:gilson
cvs-archive-sadia:x:116:gilson
cvs-archive-aldorebelo:x:117:gilson
cvs-archive-agenda:x:118:gilson
cvs-archive-zennex:x:119:gilson
cvs-archive-chassi:x:120:gilson
cvs-archive-spinelli:x:121:gilson
cvs-chassiv2:x:122:gilson
cvs-chassiv2-adm:x:123:gilson
cvs-chassiv2-spinelli:x:124:gilson
cvs-chassiv2-chassiv2:x:125:gilson
cvs-chassiv2-samesadia:x:126:gilson
cvs-chassiv2-intranet:x:127:gilson
cvs-chassiv2-spinelli2:x:128:gilson
cvs-chassiv2-sadia2005:x:129:gilson
cvs-playground-campeonato:x:130:gilson
cvs-playground-treinamento:x:131:gilson
cvs-archive-bb:x:132:gilson
cvs-archive-projetos:x:133:gilson
cvs-archive-bain:x:134:gilson
cvs-infra:x:135:gilson

I made some manual tests (using vigr) and noticed that any groups added
at the end of /etc/gorup do not work. For example, I just moved group
audio to the end and the users in the group had no audio group rights.

I guessed the bug would be at glibc (it happened either using su gilson,
logging on a virtual console via getty or via ssh). I made the following
packages upgrade (from full up to date sarge system):

initrd-tools            0.1.81.1                0.1.84.2
libc6                   2.3.2.ds1-22sarge5      2.3.6.ds1-13
libc6-dev               2.3.2.ds1-22sarge5      2.3.6.ds1-13
locales                 2.3.2.ds1-22sarge5      2.3.6.ds1-13

and as requirement, installed the following extra packages:

libdevmapper1.02        2:1.02.08-1
tzdata                  2007b-1
libsepol1               1.14-2
libselinux1             1.32-3

and guess what:

gilson@ampere:/home/fabio$ id
uid=1003(gilson) gid=1003(gilson)
grupos=4(adm),108(cvs-archive),109(cvs-archive-adm),110(cvs-playground),111(cvs-playground-adm),112(cvs-chassiv3),113(cvs-chassiv3-adm),114(cvs-chassiv3-chassiv3),115(cvs-chassiv3-intranet2006),116(cvs-archive-sadia),117(cvs-archive-aldorebelo),118(cvs-archive-agenda),119(cvs-archive-zennex),120(cvs-archive-chassi),121(cvs-archive-spinelli),122(cvs-chassiv2),123(cvs-chassiv2-adm),124(cvs-chassiv2-spinelli),125(cvs-chassiv2-chassiv2),126(cvs-chassiv2-samesadia),127(cvs-chassiv2-intranet),128(cvs-chassiv2-spinelli2),129(cvs-chassiv2-sadia2005),130(cvs-playground-campeonato),131(cvs-playground-treinamento),132(cvs-archive-bb),133(cvs-archive-projetos),134(cvs-archive-bain),135(cvs-infra),136(cvs-infra-adm),137(cvs-infra-hins),138(cvs-infra-hims),139(cvs-infra-libsyshealth),140(cvs-infra-rtshm),141(cvs-infra-rsbkp),142(cvs-infra-scrap),143(cvs-playground-appexemplo),1003(gilson),1005(chassi_v3),1006(intranet2006)
gilson@ampere:/home/fabio$ id gilson
uid=1003(gilson) gid=1003(gilson)
grupos=1003(gilson),136(cvs-infra-adm),137(cvs-infra-hins),138(cvs-infra-hims),139(cvs-infra-libsyshealth),140(cvs-infra-rtshm),141(cvs-infra-rsbkp),142(cvs-infra-scrap),143(cvs-playground-appexemplo),4(adm),1005(chassi_v3),1006(intranet2006),108(cvs-archive),109(cvs-archive-adm),110(cvs-playground),111(cvs-playground-adm),112(cvs-chassiv3),113(cvs-chassiv3-adm),114(cvs-chassiv3-chassiv3),115(cvs-chassiv3-intranet2006),116(cvs-archive-sadia),117(cvs-archive-aldorebelo),118(cvs-archive-agenda),119(cvs-archive-zennex),120(cvs-archive-chassi),121(cvs-archive-spinelli),122(cvs-chassiv2),123(cvs-chassiv2-adm),124(cvs-chassiv2-spinelli),125(cvs-chassiv2-chassiv2),126(cvs-chassiv2-samesadia),127(cvs-chassiv2-intranet),128(cvs-chassiv2-spinelli2),129(cvs-chassiv2-sadia2005),130(cvs-playground-campeonato),131(cvs-playground-treinamento),132(cvs-archive-bb),133(cvs-archive-projetos),134(cvs-archive-bain),135(cvs-infra)
gilson@ampere:/home/fabio$

Now it works! Surely there is some bug on sarge's glibc.

I can help with any further information you may need to solve this.

Thank you.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686
Locale: LANG=pt_BR, LC_CTYPE=pt_BR (charmap=ISO-8859-1)

Versions of packages libc6 depends on:
ii  tzdata                        2007b-1    Time Zone and Daylight Saving Time

-- no debconf information
Reply to:
Follow-Ups:
- Bug#416442: libc6: Wrong groups applied to user
  - From: Stephen Gran <sgran@debian.org>
Prev by Date: r2031 - glibc-package/branches/glibc-2.5/debian/local/manpages
Next by Date: Bug#416442: libc6: Wrong groups applied to user
Previous by thread: r2031 - glibc-package/branches/glibc-2.5/debian/local/manpages
Next by thread: Bug#416442: libc6: Wrong groups applied to user
Index(es):
- Date
- Thread