group memberships not shown for drop in user records #24381
Comments
It doesn't look like additional group membership is properly loaded from drop-ins, neither with the However, as a workaround, membership drop-ins do the trick: create a file named
At least, this is working for me on Ubuntu 22.04 with systemd 249, which does not have userdbd. |
what does your /etc/nsswitch.conf actually look like? i.e. it must say:
or something like that. i.e. the |
Sorry for the late response. My nsswitch.conf contains
Thank you lutchan, I will try that. |
Thanks for the workaround, indeed it helps :) But now I wonder, what are valid contents for a |
@AdrianVovk fyi |
I've looked into this and found that it's basically not implemented! Presumably an oversight. 😄 I started trying to fix this one way, and got the group to appear in |
@chewi thank you so much for looking into this issue :) |
I got it to work!! It just needs some deduping. Hopefully that's not difficult. |
Oh, by the way, your test case is slightly wonky. |
All looking good now. Time to write some tests. |
This was broken because it was never actually implemented. Only .membership dropins were checked. This enhances the membership iterator to step through each user/group in these dropins before moving on to the next dropin. Fixes systemd#24381.
It turns out I'm still getting some duplication, although that's probably a minor issue. More importantly, my tests are failing because I'm bizarrely getting different results from userdbctl when requesting the output in JSON format. I don't think I should create a pull request yet, but here is the branch if you're interested. |
This was broken because it was never actually implemented. Only .membership dropins were checked. This enhances the membership iterator to step through each user/group in these dropins before moving on to the next dropin. It does not deduplicate the users or groups as it iterates. Some users of the iterator do deduplication, but userdbctl's friendly output and the NSS module do not. Perhaps this is not an issue in practice. Fixes systemd#24381.
The friendly renderer was using a membership iterator while the JSON renderer was not. Fixes systemd#24381.
The friendly renderer was using a membership iterator while the classic renderer was not. Fixes systemd#24381.
It's ready. It still duplicates in places, but hopefully that's not a real issue. See the PR in #32871. |
so yeah, the contents are ignored indeed. this was the reason i never documented this part, i wasn't entirely sure what to write into the docs... and then i eventually totally forgot about this. I think we should require that these files contain json objects matching the return parameter of what the io.systemd.UserDatabase.GetMemberships() call also returns. (but of course, we don't really want to parse those files ever, hence it's hard to enforce correctness here) |
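Added example, not part of the thread or of systemd's code: a small audit that lists memberships declared only inside drop-in records, which is the case this issue says was not resolved before the fix, so an image builder can see which group assignments need a membership file. It assumes the drop-in layout of `<name>.user` and `<name>.group` JSON records with `memberOf` and `members` fields plus `<user>:<group>.membership` files; the function names and sample records are constructed.

```python
import json
import tempfile
from pathlib import Path

SUFFIX = ".membership"

def record_memberships(root: Path) -> set:
    """(user, group) pairs declared inside the JSON records themselves."""
    pairs = set()
    for path in root.glob("*.user"):
        rec = json.loads(path.read_text())
        pairs.update((rec["userName"], g) for g in rec.get("memberOf", []))
    for path in root.glob("*.group"):
        rec = json.loads(path.read_text())
        pairs.update((u, rec["groupName"]) for u in rec.get("members", []))
    return pairs

def file_memberships(root: Path) -> set:
    """(user, group) pairs declared by <user>:<group>.membership file names."""
    pairs = set()
    for path in root.glob("*" + SUFFIX):
        user, sep, group = path.name[: -len(SUFFIX)].partition(":")
        if sep and user and group:  # skip names that are not user:group
            pairs.add((user, group))
    return pairs

def record_only_memberships(root: Path) -> list:
    """Pairs that exist only in records, i.e. the case this issue reports."""
    return sorted(record_memberships(root) - file_memberships(root))

def build_sample(root: Path) -> None:
    """Constructed sample drop-in directory (not taken from the thread)."""
    (root / "alice.user").write_text(json.dumps(
        {"userName": "alice", "uid": 60001, "memberOf": ["wheel", "video"]}))
    (root / "staff.group").write_text(json.dumps(
        {"groupName": "staff", "gid": 60100, "members": ["bob"]}))
    (root / "alice:wheel.membership").touch()  # file contents are ignored

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for user, group in record_only_memberships(Path(tmp)):
            print(f"{user} -> {group}: declared only inside a record")
```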
To add some login users to my images, I tried the userdb drop in users.
They show up in userdb, but the group memberships don't come up as expected.
My system is Archlinux with systemd 251.4-1-arch
This should return
but instead I get that no memberships exist
The services of userdb are up and running
The records are available according to userdbctl
But somehow the relationship isn't loaded as it would have been when using homectl. I have investigated the code but couldn't find the place where the group memberships are left out or dropped.