URL: https://github.com/SSSD/sssd/pull/170 Author: celestian Title: #170: PROXY: Remove duplicit users from group Action: opened
PR body: """ It is possible to have duplicit members in local files (/etc/group). This patch removes duplicity in groups in proxy provider.
Resolves: https://fedorahosted.org/sssd/ticket/3314 """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/170/head:pr170 git checkout pr170
URL: https://github.com/SSSD/sssd/pull/170 Title: #170: PROXY: Remove duplicit users from group
celestian commented: """ There is the first version of patch.
I would like to ask @jhrozek or @lslebodn if our cwrap tests has capability to test this patch. I need ```/etc/group``` with duplicit users for testing it. Or is there better way?
Anyway I appreciate any comments to patch. """
See the full comment at https://github.com/SSSD/sssd/pull/170#issuecomment-282772139
URL: https://github.com/SSSD/sssd/pull/170 Title: #170: PROXY: Remove duplicit users from group
celestian commented: """ So, @lslebodn and me looked at how to test this patch. Unfortunately we found out that proxy code uses ```nss_files_getgrnam_r``` which is not mocked by ```libnss_wrapper```.
The reviewer could inspire there: ``` Configuration:
# cat /etc/sssd/sssd.conf [sssd] config_file_version = 2 services = nss, pam domains = shadowutils debug_level = 0xFFFF0
[nss] filter_groups = root filter_users = root debug_level = 0xFFFF0
[pam] offline_credentials_expiration = 365 debug_level = 0xFFFF0
[domain/shadowutils] id_provider = proxy proxy_lib_name = files
auth_provider = proxy proxy_pam_target = sssd-shadowutils proxy_fast_alias = True debug_level = 0xFFFF0
# cat /etc/nsswitch.conf [...] passwd: files sss shadow: files sss group: sss
Preparation:
useradd test_user groupadd test_group usermod -a -G test_group test_user
# And manualy add test_user to /etc/group to test_group again, so it looks like: # [...] # test_group:x:1001:test_user,test_user
Reproducer:
systemctl stop sssd rm -fR /var/lib/sss/db/*.ldb systemctl start sssd truncate -s0 /var/log/sssd/*.log getent group test_group ``` """
See the full comment at https://github.com/SSSD/sssd/pull/170#issuecomment-283878254
URL: https://github.com/SSSD/sssd/pull/170 Title: #170: PROXY: Remove duplicit users from group
fidencio commented: """ CI: http://sssd-ci.duckdns.org/logs/job/64/92/summary.html
Whoever is going to push this patch ... please, update the issue link to pagure instead of SSSD trac. """
See the full comment at https://github.com/SSSD/sssd/pull/170#issuecomment-286753130
URL: https://github.com/SSSD/sssd/pull/170 Title: #170: PROXY: Remove duplicit users from group
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/170 Title: #170: PROXY: Remove duplicit users from group
jhrozek commented: """ * master: ed2a5dad1ec82eda8a43ed8b0a05a6b01c3a6586 """
See the full comment at https://github.com/SSSD/sssd/pull/170#issuecomment-286761892
URL: https://github.com/SSSD/sssd/pull/170 Author: celestian Title: #170: PROXY: Remove duplicit users from group Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/170/head:pr170 git checkout pr170
URL: https://github.com/SSSD/sssd/pull/170 Title: #170: PROXY: Remove duplicit users from group
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/170 Title: #170: PROXY: Remove duplicit users from group
Label: +Pushed
sssd-devel@lists.fedorahosted.org