Bug#407788: x11-common init script cause bootup hang when using nss_ldap for LDAP-based user and groups

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#407788: x11-common init script cause bootup hang when using nss_ldap for LDAP-based user and groups
From: Andreas Unterkircher <unki@netshadow.at>
Date: Sun, 21 Jan 2007 14:11:51 +0100
Message-id: <[🔎] 20070121131151.2577.48688.reportbug@localhost>
Reply-to: Andreas Unterkircher <unki@netshadow.at>, 407788@bugs.debian.org

Package: x11-common
Version: 1:7.1.0-10
Severity: important


My first Debian bug report - so kindly ask for patient.

We use nss_ldap for getting our OpenLDAP users available on the Linux
boxes.

During bootup x11-common init script invokes two times

   chown 0:0 $SOCKET_DIR
   chown 0:0 $ICE_DIR

which looks like to cause NSS to reverse lookup the user and
group behind 0. As the network hasn't started yet or isn't connected the
box hangs for a very long time in this step (it works to press CTRL+C,
but for a remote box this is not always possible).

I recompiled libnss-ldap with debugging enabled which shows up several
queries which are looking for a user during haning around in x11-common:

(&(objectClass=posixAccount)(uid=0)
and after a timeout
(&(objectClass=posixAccount)(cn=0) 

Simply changing these lines to

   chown root:root

is a quick fix for that issue. But I guess somebody had a reason to use
0:0 for this - most probably to avoid forward lookups user -> id.

Basically I'm not sure why this hang happens. Why should a chown with
id's cause a reverse lookup. 

/etc/nsswitch.conf say - first "files", second "ldap":
passwd:         files ldap
group:          files ldap

"root" is indeed in the local files:
unki@testdebian:~$ grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash
unki@testdebian:~$ grep root /etc/group
root:x:0:

Furthermore we have specified in libnss-ldap.conf the parameter 
"nss_initgroups_ignoreusers root" which cause nss_ldap to not do
group enumerations for the user "root" - but it looks like this
parameter is ignored on a reverse lookup.

Regards,
Andreas

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages x11-common depends on:
ii  debconf [debconf-2.0]         1.5.11     Debian configuration management sy
ii  debianutils                   2.17       Miscellaneous utilities specific t
ii  lsb-base                      3.1-22     Linux Standard Base 3.1 init scrip

x11-common recommends no packages.

-- debconf information excluded

Reply to:

Prev by Date: Bug#338081: marked as done (xserver-common: Promote xfonts-base from suggests to recommends)
Next by Date: Bug#298770: /tmp/.ICE-unix not owned by root
Previous by thread: Bug#338081: marked as done (xserver-common: Promote xfonts-base from suggests to recommends)
Next by thread: Bug#298770: /tmp/.ICE-unix not owned by root
Index(es):
- Date
- Thread