** Bug watch added: github.com/systemd/systemd/issues #15160 https://github.com/systemd/systemd/issues/15160
** Also affects: systemd via https://github.com/systemd/systemd/issues/15160 Importance: Unknown Status: Unknown ** Description changed: + [impact] + + getent password or getent group returns duplicate, false/synthesized, + entries for root and nobody + + [test case] + + root@lp1902236-f:~# getent passwd | grep root + root:x:0:0:root:/root:/bin/bash + root:x:0:0:root:/root:/bin/sh + root@lp1902236-f:~# getent group | grep root + root:x:0: + root:x:0: + + root@lp1902236-f:~# getent passwd | grep nobody + nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin + nobody:x:65534:65534:nobody:/:/usr/sbin/nologin + root@lp1902236-f:~# getent group | grep nogroup + nogroup:x:65534: + nogroup:x:65534: + + [regression potential] + + any regression would likely result in incorrect results to calls to + getent or other programs using libnss-systemd + + [scope] + + this is needed only for f + + this was fixed upstream by commit + 9494da41c271bb9519d3484b6016526a72cc6be5 which was included first in + v246, so this is fixed in g and later already. + + b and earlier doesn't show the duplication. + + [original description] + * Summary systemd's NSS integration causes getent passwd/group to return duplicated entries for root/root and nobody/nogroup. The root account also gets a different shell (/bin/sh instead of /bin/bash). * Steps to reproduce: 1) create a container $ lxc launch images:ubuntu/focal test-nobody 2) check the root and nobody accounts $ lxc exec test-nobody -- getent passwd | grep -E '^(root|nobody):' 3) check the root and nogroup groups $ lxc exec test-nobody -- getent group | grep -E '^(root|nogroup):' 2 and 3 should report a single entry for each account/group but they return dups like this: root:x:0:0:root:/root:/bin/bash nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin root:x:0:0:root:/root:/bin/sh nobody:x:65534:65534:nobody:/:/usr/sbin/nologin * Description The problem seems to come from the NSS integration: $ lxc exec test-nobody -- grep -wF systemd /etc/nsswitch.conf passwd: files systemd group: files systemd as the /etc/passwd and /etc/group file contain no dups: $ lxc exec test-nobody -- grep ^nobody: /etc/passwd nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin $ lxc exec test-nobody -- grep ^nogroup: /etc/group nogroup:x:65534: Removing systemd from /etc/nsswitch.conf indeed removes the dup. An alternative way of seeing what systemd adds on top of the flat files: $ lxc exec test-nobody -- bash -c 'diff -u /etc/passwd <(getent passwd)' --- /etc/passwd 2020-10-30 13:07:52.219261001 +0000 +++ /dev/fd/63 2020-10-30 13:29:38.396928732 +0000 @@ -24,3 +24,5 @@ _apt:x:105:65534::/nonexistent:/usr/sbin/nologin ubuntu:x:1000:1000::/home/ubuntu:/bin/bash systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin +root:x:0:0:root:/root:/bin/sh +nobody:x:65534:65534:nobody:/:/usr/sbin/nologin $ lxc exec test-nobody -- bash -c 'diff -u /etc/group <(getent group)' --- /etc/group 2020-10-30 13:07:52.211261089 +0000 +++ /dev/fd/63 2020-10-30 13:29:45.892846747 +0000 @@ -50,3 +50,5 @@ ubuntu:x:1000: ssh:x:111: systemd-coredump:x:999: +root:x:0: +nogroup:x:65534: * Additional information This bug seems to occur on Focal alone as Bionic and Groovy are not affected. $ lsb_release -rd Description: Ubuntu 20.04.1 LTS Release: 20.04 $ apt-cache policy base-passwd systemd base-passwd: - Installed: 3.5.47 - Candidate: 3.5.47 - Version table: - *** 3.5.47 500 - 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages - 100 /var/lib/dpkg/status + Installed: 3.5.47 + Candidate: 3.5.47 + Version table: + *** 3.5.47 500 + 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages + 100 /var/lib/dpkg/status systemd: - Installed: 245.4-4ubuntu3.2 - Candidate: 245.4-4ubuntu3.2 - Version table: - *** 245.4-4ubuntu3.2 500 - 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages - 100 /var/lib/dpkg/status - 245.4-4ubuntu3 500 - 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages + Installed: 245.4-4ubuntu3.2 + Candidate: 245.4-4ubuntu3.2 + Version table: + *** 245.4-4ubuntu3.2 500 + 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages + 100 /var/lib/dpkg/status + 245.4-4ubuntu3 500 + 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1902236 Title: Duplicated root and nobody returned by getent on Focal Status in systemd: Unknown Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Focal: New Bug description: [impact] getent password or getent group returns duplicate, false/synthesized, entries for root and nobody [test case] root@lp1902236-f:~# getent passwd | grep root root:x:0:0:root:/root:/bin/bash root:x:0:0:root:/root:/bin/sh root@lp1902236-f:~# getent group | grep root root:x:0: root:x:0: root@lp1902236-f:~# getent passwd | grep nobody nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin nobody:x:65534:65534:nobody:/:/usr/sbin/nologin root@lp1902236-f:~# getent group | grep nogroup nogroup:x:65534: nogroup:x:65534: [regression potential] any regression would likely result in incorrect results to calls to getent or other programs using libnss-systemd [scope] this is needed only for f this was fixed upstream by commit 9494da41c271bb9519d3484b6016526a72cc6be5 which was included first in v246, so this is fixed in g and later already. b and earlier doesn't show the duplication. [original description] * Summary systemd's NSS integration causes getent passwd/group to return duplicated entries for root/root and nobody/nogroup. The root account also gets a different shell (/bin/sh instead of /bin/bash). * Steps to reproduce: 1) create a container $ lxc launch images:ubuntu/focal test-nobody 2) check the root and nobody accounts $ lxc exec test-nobody -- getent passwd | grep -E '^(root|nobody):' 3) check the root and nogroup groups $ lxc exec test-nobody -- getent group | grep -E '^(root|nogroup):' 2 and 3 should report a single entry for each account/group but they return dups like this: root:x:0:0:root:/root:/bin/bash nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin root:x:0:0:root:/root:/bin/sh nobody:x:65534:65534:nobody:/:/usr/sbin/nologin * Description The problem seems to come from the NSS integration: $ lxc exec test-nobody -- grep -wF systemd /etc/nsswitch.conf passwd: files systemd group: files systemd as the /etc/passwd and /etc/group file contain no dups: $ lxc exec test-nobody -- grep ^nobody: /etc/passwd nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin $ lxc exec test-nobody -- grep ^nogroup: /etc/group nogroup:x:65534: Removing systemd from /etc/nsswitch.conf indeed removes the dup. An alternative way of seeing what systemd adds on top of the flat files: $ lxc exec test-nobody -- bash -c 'diff -u /etc/passwd <(getent passwd)' --- /etc/passwd 2020-10-30 13:07:52.219261001 +0000 +++ /dev/fd/63 2020-10-30 13:29:38.396928732 +0000 @@ -24,3 +24,5 @@ _apt:x:105:65534::/nonexistent:/usr/sbin/nologin ubuntu:x:1000:1000::/home/ubuntu:/bin/bash systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin +root:x:0:0:root:/root:/bin/sh +nobody:x:65534:65534:nobody:/:/usr/sbin/nologin $ lxc exec test-nobody -- bash -c 'diff -u /etc/group <(getent group)' --- /etc/group 2020-10-30 13:07:52.211261089 +0000 +++ /dev/fd/63 2020-10-30 13:29:45.892846747 +0000 @@ -50,3 +50,5 @@ ubuntu:x:1000: ssh:x:111: systemd-coredump:x:999: +root:x:0: +nogroup:x:65534: * Additional information This bug seems to occur on Focal alone as Bionic and Groovy are not affected. $ lsb_release -rd Description: Ubuntu 20.04.1 LTS Release: 20.04 $ apt-cache policy base-passwd systemd base-passwd: Installed: 3.5.47 Candidate: 3.5.47 Version table: *** 3.5.47 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages 100 /var/lib/dpkg/status systemd: Installed: 245.4-4ubuntu3.2 Candidate: 245.4-4ubuntu3.2 Version table: *** 245.4-4ubuntu3.2 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 100 /var/lib/dpkg/status 245.4-4ubuntu3 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1902236/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
