FS#55589 - [filesystem] user and group nobody missing

Attached to Project: Arch Linux
Opened by Andreas Radke (AndyRTR) - Monday, 11 September 2017, 16:31 GMT
Last edited by Sébastien Luttringer (seblu) - Sunday, 10 December 2017, 16:03 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Sébastien Luttringer (seblu)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

You missed to readd "nobody" user/group to the new sysusers.d arch.conf file. This leads to nobody user and group missing in new clean setups and chroots. You will notice openssh segfaulting due to missing nobody user.

I've tried to add "u nobody 99 - -" but user and group were not created successfully here. Not sure why. "useradd" and "groupadd" show the group and user existant though not found in group/gshadow/passwd/shadow.
This task depends upon

Closed by  Sébastien Luttringer (seblu)
Sunday, 10 December 2017, 16:03 GMT
Reason for closing:  Fixed
Additional comments about closing:  filesystem 2017.10-2
Comment by loqs (loqs) - Monday, 11 September 2017, 16:58 GMT
See  FS#55570 
Comment by Sébastien Luttringer (seblu) - Monday, 11 September 2017, 19:13 GMT
Nobody is already provided by systemd in /usr/lib/sysusers.d/basic.conf. I think the issue is the same here  FS#55492 .

Comment by loqs (loqs) - Monday, 11 September 2017, 19:35 GMT
/usr/lib/sysusers.d/basic.conf provides nobody but it will not be added to /etc/passwd see https://bugs.archlinux.org/task/55570#comment160995
sshd fails because it attempts to write to read only memory see https://bugs.archlinux.org/task/55570#comment160996
Comment by Sébastien Luttringer (seblu) - Monday, 11 September 2017, 20:43 GMT
It looks like it's not the same issue than  FS#55492  finally. It happens even when systemd is pulled (or arch.conf has nobody inside it).

Looking at the following output, I guess nss_systemd is always provding answer for nobody user/group which mislead systemd-sysusers.

# grep nobody /etc/passwd; echo $?
1
# getent passwd nobody
nobody:*:65534:65534:User Nobody:/:/sbin/nologin
# SYSTEMD_LOG_LEVEL=debug systemd-sysusers /usr/lib/sysusers.d/basic.conf
Group nobody already exists.
User nobody already exists.
Comment by Sébastien Luttringer (seblu) - Monday, 11 September 2017, 21:05 GMT
A quick workaround would be to statically restore nobody in passwd and group files. But a talk with systemd folks is required.
Comment by loqs (loqs) - Monday, 11 September 2017, 21:10 GMT
Seblu are you going to report this upstream against systemd?
Is this not a duplicate of  FS#55492  and probably  FS#52129  for the sshd segfault?
Comment by Sébastien Luttringer (seblu) - Monday, 11 September 2017, 21:47 GMT
I sent a mail to systemd mailing list.

I guess you mean not a duplicate of  FS#55570 .

This BR is about the lack of creation of nobody user/group by systemd-sysusers.
 FS#55570 , is about a segfault in sshd because nss_systemd return a crafted nobody when the nobody is missing in passwd.
It looks like there is a relation between the two, but they are about two different issues.
Comment by loqs (loqs) - Monday, 11 September 2017, 22:01 GMT
Thank you for the clarification yes I meant  FS#55570 . If the nobody user was present in /etc/passwd then libnss_systemd.so.2 would not supply the result of getpwnam()
and openssh would not segfault when it tries to modify one of the buffers pointed to by that result.
Comment by Sébastien Luttringer (seblu) - Tuesday, 12 September 2017, 22:14 GMT
https://github.com/systemd/systemd/issues/6808
Comment by loqs (loqs) - Wednesday, 13 September 2017, 15:10 GMT
Apply https://github.com/systemd/systemd/pull/6812/commits/486a3dca9605aa082167a9a76811fd6f2059067e ?
Then systemd-sysusers could create nobody and root.

Loading...