Skip to content

Commit abd96fd

Browse files
blucabluca
committed
sysusers: handle NSS errors gracefully
If the io.systemd.DynamicUser or io.systemd.Machine files exist, but nothing is listening on them, the nss-systemd module returns ECONNREFUSED and systemd-sysusers fails to creat the user/group. This is problematic when ran by packaging scripts, as the package assumes that after this has run, the user/group exist and can be used. adduser does not fail in the same situation. Change sysusers to print a loud warning but otherwise continue when NSS returns an error. (cherry picked from commit fc9938d) (cherry picked from commit abba1e6) (cherry picked from commit 0f51875) (cherry picked from commit dffa62c) (cherry picked from commit af2eb43)
1 parent 0e8ec38 commit abd96fd

File tree

2 files changed

+30
-6
lines changed

2 files changed

+30
-6
lines changed

src/sysusers/sysusers.c

+6-6
Original file line numberDiff line numberDiff line change
@@ -978,7 +978,7 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) {
978978
if (p)
979979
return 0;
980980
if (!IN_SET(errno, 0, ENOENT))
981-
return -errno;
981+
log_warning_errno(errno, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
982982

983983
if (check_with_gid) {
984984
errno = 0;
@@ -987,7 +987,7 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) {
987987
if (!streq(g->gr_name, name))
988988
return 0;
989989
} else if (!IN_SET(errno, 0, ENOENT))
990-
return -errno;
990+
log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
991991
}
992992
}
993993

@@ -1092,7 +1092,7 @@ static int add_user(Item *i) {
10921092
return 0;
10931093
}
10941094
if (!errno_is_not_exists(errno))
1095-
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
1095+
log_warning_errno(errno, "Unexpected failure while looking up user '%s' via NSS, assuming it doesn't exist: %m", i->name);
10961096
}
10971097

10981098
/* Try to use the suggested numeric UID */
@@ -1198,15 +1198,15 @@ static int gid_is_ok(gid_t gid, bool check_with_uid) {
11981198
if (g)
11991199
return 0;
12001200
if (!IN_SET(errno, 0, ENOENT))
1201-
return -errno;
1201+
log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
12021202

12031203
if (check_with_uid) {
12041204
errno = 0;
12051205
p = getpwuid((uid_t) gid);
12061206
if (p)
12071207
return 0;
12081208
if (!IN_SET(errno, 0, ENOENT))
1209-
return -errno;
1209+
log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
12101210
}
12111211
}
12121212

@@ -1236,7 +1236,7 @@ static int get_gid_by_name(const char *name, gid_t *gid) {
12361236
return 0;
12371237
}
12381238
if (!errno_is_not_exists(errno))
1239-
return log_error_errno(errno, "Failed to check if group %s already exists: %m", name);
1239+
log_warning_errno(errno, "Unexpected failure while looking up group '%s' via NSS, assuming it doesn't exist: %m", name);
12401240
}
12411241

12421242
return -ENOENT;

test/units/TEST-74-AUX-UTILS.sysusers.sh

+24
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
#!/usr/bin/env bash
2+
# SPDX-License-Identifier: LGPL-2.1-or-later
3+
set -eux
4+
set -o pipefail
5+
6+
# shellcheck source=test/units/util.sh
7+
. "$(dirname "$0")"/util.sh
8+
9+
at_exit() {
10+
set +e
11+
userdel -r foobarbaz
12+
umount /run/systemd/userdb/
13+
}
14+
15+
# Check that we indeed run under root to make the rest of the test work
16+
[[ "$(id -u)" -eq 0 ]]
17+
18+
trap at_exit EXIT
19+
20+
# Ensure that a non-responsive NSS socket doesn't make sysusers fail
21+
mount -t tmpfs tmpfs /run/systemd/userdb/
22+
touch /run/systemd/userdb/io.systemd.DynamicUser
23+
echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers -
24+
grep -q foobarbaz /etc/passwd

0 commit comments

Comments
 (0)