Ticket #916 (closed defect: fixed)

Opened 3 years ago

Last modified 2 years ago

Explicitly ignore groups with gidNumber = 0

Reported by: sgallagh Owned by: jhrozek
Priority: critical Milestone: SSSD 1.5.12
Component: LDAP Provider Version: 1.5.10
Keywords: Cc:
Blocked By: Blocking:
Tests Updated: no Coverity Bug:
Patch Submitted: yes Red Hat Bugzilla: 709178
Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:

Description

The SSSD cannot handle UID and GID 0, however some users of SSSD have a 'root' group in LDAP with gidNumber 0. Right now, this breaks initgroups() requests for any user in the 'root' group. We should explicitly ignore this group (which would be in keeping with the default setting of min_id = 1).

See https://bugzilla.redhat.com/show_bug.cgi?id=709178 for more details.

Change History

comment:1 Changed 3 years ago by dpal

  • Milestone changed from NEEDS_TRIAGE to SSSD 1.5.12

comment:2 Changed 3 years ago by dpal

  • Owner changed from somebody to jhrozek

comment:3 Changed 3 years ago by jhrozek

  • Status changed from new to assigned

comment:4 Changed 3 years ago by jhrozek

  • Patch Submitted set

comment:5 Changed 3 years ago by jhrozek

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:6 Changed 3 years ago by sgallagh

  • Red Hat Bugzilla set to 709178

comment:7 Changed 2 years ago by mkosek

  • Red Hat Bugzilla changed from 709178 to https://bugzilla.redhat.com/show_bug.cgi?id=709178

comment:8 Changed 2 years ago by mkosek

  • Red Hat Bugzilla changed from https://bugzilla.redhat.com/show_bug.cgi?id=709178 to [https://bugzilla.redhat.com/show_bug.cgi?id=709178 709178]
Note: See TracTickets for help on using tickets.