Date: Mon, 28 Apr 2003 06:18:59 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Vallo Kallaste <vallo@estcard.ee>, freebsd-current@freebsd.org, Tim Robbins <tjr@FreeBSD.ORG> Subject: Re: Somethings still up with new NSS? Message-ID: <20030428111859.GA2923@madman.celabo.org> In-Reply-To: <20030428105521.GB2676@madman.celabo.org> References: <20030428075916.GA53857@myhakas.internal> <20030428190209.A21656@dilbert.robbins.dropbear.id.au> <20030428075916.GA53857@myhakas.internal> <20030428080505.GA1474@chihiro.leafy.idv.tw> <20030428075916.GA53857@myhakas.internal> <20030428105521.GB2676@madman.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 28, 2003 at 05:55:21AM -0500, Jacques A. Vidrine wrote: > I thought the relative dearth of critical bug reports so far was too > good to be true :-) > > Sounds like I have introduced a bug into `pwd_mkdb -u', which is the > common denominator in your reports. `passwd', `chsh', `pw' all use > `pwd_mkdb -u', whereas vipw uses plain `pwd_mkdb'. > > I will look at it closely today! > > Meanwhile, if this happens to you, just run `vipw' or `pwd_mkdb' to > rebuild your database. Here's the scoop: The NSS commit included changes to update the format of /etc/pwd.db and /etc/spwd.db pre-processed passwd(5) files so that they could be moved from architecture to architecture. To enable compatibility with old binaries, the format includes versioned entries. (The `old version' is version 3; the `new version' is version 4.) pwd_mkdb(8) rebuilds the databases from /etc/master.passwd. This utility can either rebuild the entire database, which is the default behavior, or it can update only a single entry, which is the behavior requested by the `-u' option. passwd(1), chsh(1) and similar tools use the `-u' option. Now if you run `pwd_mkdb' built after the NSS commit, everything is fine. Version 3 and version 4 entries are created. Your old and new binaries will `see' all the users. But, if you run `pwd_mkdb -u' BEFORE you rebuild the entire database with plain `pwd_mkdb', the database will have version 3 entries for all of your users, but only a version 4 entry for the single target user. Old binaries still function fine, but new binaries now `see' that the database supports the new version 4 entries. So, only the single user that was updated is recognized. So until I add logic to pwd_mkdb(8) to recognize and deal appropriately with this situation, it is best to run pwd_mkdb once manually after the NSS commit. Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030428111859.GA2923>