
nfs: Add '--with-nss-modules' configure option to specify nss modules.

Message ID 545D34F6.8080703@redhat.com (mailing list archive)
State New, archived

Commit Message

Sami Wagiaalla Nov. 7, 2014, 9:09 p.m. UTC
From: Sami Wagiaalla <swagiaal@redhat.com>

I was having trouble setting up NFS on Atomic Host.  It turns out
there is an issue when rpcbind is trying to find the uid of the
rpc user.  OSTree based operating systems store user information
for system users such as the rpc user in /usr/lib/passwd and
leave /etc/passwd for human users.  This is enabled by the use
of the nss module nss-altfiles which allows one to specify
additional files to be added to the passwd database.  rpcbind
however overrides the rule added to /etc/nsswitch.conf and removes
"altfiles" from the list of modules by doing the following:

    __nss_configure_lookup("passwd", "files");

This was added in commit 77f7556878d1fe03dc ("[...]use
__nss_configure_lookup() to restrict the [rpc user] lookup") to
remove "nis" form the list of modules and prevent rpcbind from
having a circular dependency on itself.  In an OSTree based
operating system however this prevents rpcbind from finding the rpc
user and the service cannot start.

This patch adds an option --with-nss-modules which allows one
to specify the nss modules which should be searched for user
information.  The default setting is "files" which preserves the
current behavior, but this enables one to add other modules to
the search path.

Signed-off-by: Sami Wagiaalla <swagiaal@redhat.com>
---
 Makefile.am   |  1 +
 configure.ac  |  7 +++++++
 src/rpcbind.c | 10 ++++++++--
 3 files changed, 16 insertions(+), 2 deletions(-)

Comments

Steve Dickson Nov. 10, 2014, 5:37 p.m. UTC | #1
On 11/07/2014 04:09 PM, Sami Wagiaalla wrote:
> From: Sami Wagiaalla <swagiaal@redhat.com>
> 
> I was having trouble setting up NFS on Atomic Host.  It turns out
> there is an issue when rpcbind is trying to find the uid of the
> rpc user.  OSTree based operating systems store user information
> for system users such as the rpc user in /usr/lib/passwd and
> leaves /etc/passwd for humans users.  This is enabled by the use
> of the nss module nss-altfiles which allows one to specify
> additional files to be added the the passwd database.  rpcbind
> however overrides the rule added to /etc/nsswitch.conf and removes
> "altfiles" from the list of modules by doing the following:
> 
>     __nss_configure_lookup("passwd", "files");
> 
> This was added in commit 77f7556878d1fe03dc ("[...]use
> __nss_configure_lookup() to restrict the [rpc user] lookup") to
> remove "nis" form the list of modules and prevent rpcbind from
> having a circular dependency on itself.  In an OSTree based
> operating system however this prevents rpcbind from finding the rpc
> user and the service cannot start.
> 
> This patch adds an option --with-nss-modules which allows one
> to specify the nss modules which should be searched for user
> information.  The default setting is "files" which preserves the
> current behavior, but this enables one to add other modules to
> the search path.
> 
> Signed-off-by: Sami Wagiaalla <swagiaal@redhat.com>
Committed.... 

steved.

> ---
>  Makefile.am   |  1 +
>  configure.ac  |  7 +++++++
>  src/rpcbind.c | 10 ++++++++--
>  3 files changed, 16 insertions(+), 2 deletions(-)
> 
> diff --git a/Makefile.am b/Makefile.am
> index d10c906..e0bc4b4 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -6,6 +6,7 @@ AM_CPPFLAGS = \
>  	-DINET6 \
>  	-DRPCBIND_STATEDIR="\"$(statedir)\"" \
>  	-DRPCBIND_USER="\"$(rpcuser)\"" \
> +	-DNSS_MODULES="\"$(nss_modules)\"" \
>  	-D_GNU_SOURCE \
>  	$(TIRPC_CFLAGS)
>  
> diff --git a/configure.ac b/configure.ac
> index 39181f0..5a88cc7 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -27,6 +27,13 @@ AC_ARG_WITH([rpcuser],
>    ,, [with_rpcuser=root])
>  AC_SUBST([rpcuser], [$with_rpcuser])
>   
> +AC_ARG_WITH([nss_modules],
> +  AS_HELP_STRING([--with-nss-modules=NSS_MODULES]
> +  , [Sets the nss module search list to the given space-delimited string.
> +     For example --with-nss-modules="files altfiles" @<:@default=files@:>@])
> +  ,, [with_nss_modules=files])
> +AC_SUBST([nss_modules], [$with_nss_modules])
> +
>  PKG_CHECK_MODULES([TIRPC], [libtirpc])
>  
>  AS_IF([test x$enable_libwrap = xyes], [
> diff --git a/src/rpcbind.c b/src/rpcbind.c
> index 924aca1..e3462e3 100644
> --- a/src/rpcbind.c
> +++ b/src/rpcbind.c
> @@ -91,6 +91,12 @@ char *rpcbinduser = RPCBIND_USER;
>  char *rpcbinduser = NULL;
>  #endif
>  
> +#ifdef NSS_MODULES
> +char *nss_modules = NSS_MODULES;
> +#else
> +char *nss_modules = "files";
> +#endif
> +
>  /* who to suid to if -s is given */
>  #define RUN_AS  "daemon"
>  
> @@ -165,7 +171,7 @@ main(int argc, char *argv[])
>  	 * Make sure we use the local service file 
>  	 * for service lookkups
>  	 */
> -	__nss_configure_lookup("services", "files");
> +	__nss_configure_lookup("services", nss_modules);
>  
>  	nc_handle = setnetconfig(); 	/* open netconfig file */
>  	if (nc_handle == NULL) {
> @@ -231,7 +237,7 @@ main(int argc, char *argv[])
>  		 * Make sure we use the local password file
>  		 * for these lookups.
>  		 */
> -		__nss_configure_lookup("passwd", "files");
> +		__nss_configure_lookup("passwd", nss_modules);
>  
>  		if((p = getpwnam(id)) == NULL) {
>  			syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
> 

Patch

diff --git a/Makefile.am b/Makefile.am
index d10c906..e0bc4b4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,6 +6,7 @@  AM_CPPFLAGS = \
 	-DINET6 \
 	-DRPCBIND_STATEDIR="\"$(statedir)\"" \
 	-DRPCBIND_USER="\"$(rpcuser)\"" \
+	-DNSS_MODULES="\"$(nss_modules)\"" \
 	-D_GNU_SOURCE \
 	$(TIRPC_CFLAGS)
 
diff --git a/configure.ac b/configure.ac
index 39181f0..5a88cc7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,6 +27,13 @@  AC_ARG_WITH([rpcuser],
   ,, [with_rpcuser=root])
 AC_SUBST([rpcuser], [$with_rpcuser])
  
+AC_ARG_WITH([nss_modules],
+  AS_HELP_STRING([--with-nss-modules=NSS_MODULES]
+  , [Sets the nss module search list to the given space-delimited string.
+     For example --with-nss-modules="files altfiles" @<:@default=files@:>@])
+  ,, [with_nss_modules=files])
+AC_SUBST([nss_modules], [$with_nss_modules])
+
 PKG_CHECK_MODULES([TIRPC], [libtirpc])
 
 AS_IF([test x$enable_libwrap = xyes], [
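Review bot: The new `AC_ARG_WITH([nss_modules], ...)` accepts any value, so a bare `--with-nss-modules` or `--without-nss-modules` leaves `with_nss_modules` set to `yes` or `no`, and that word is then compiled in as the module list. Rejecting those values right after the macro would catch the mistake at configure time, for example `AS_CASE([$with_nss_modules], [yes|no|''], [AC_MSG_ERROR([--with-nss-modules needs a module list])])`. The help text should also say that modules which themselves need rpcbind, such as nis, must not be listed, since the commit message gives that circular dependency as the reason the lookup was restricted to `files` in the first place.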
diff --git a/src/rpcbind.c b/src/rpcbind.c
index 924aca1..e3462e3 100644
--- a/src/rpcbind.c
+++ b/src/rpcbind.c
@@ -91,6 +91,12 @@  char *rpcbinduser = RPCBIND_USER;
 char *rpcbinduser = NULL;
 #endif
 
+#ifdef NSS_MODULES
+char *nss_modules = NSS_MODULES;
+#else
+char *nss_modules = "files";
+#endif
+
 /* who to suid to if -s is given */
 #define RUN_AS  "daemon"
 
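Review bot: `nss_modules` is declared as a writable `char *` with external linkage, although the hunks shown only read it and pass it to `__nss_configure_lookup()`. Unless another file refers to it, `static const char *const nss_modules = NSS_MODULES;` states that intent and keeps the string literal from being modified through the pointer. A one-line comment such as `/* NSS modules searched by the lookups in main(); must not include modules that depend on rpcbind (e.g. nis) */` would record the constraint from the commit message next to the definition. The `#else` branch looks unreachable with the Makefile.am change in this patch, which always defines `NSS_MODULES`, though it is harmless as a fallback.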
@@ -165,7 +171,7 @@  main(int argc, char *argv[])
 	 * Make sure we use the local service file 
 	 * for service lookkups
 	 */
-	__nss_configure_lookup("services", "files");
+	__nss_configure_lookup("services", nss_modules);
 
 	nc_handle = setnetconfig(); 	/* open netconfig file */
 	if (nc_handle == NULL) {
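Review bot: The `services` lookup now uses the same `nss_modules` list as `passwd`, but the commit message only gives a reason for widening the `passwd` lookup, and the comment above the call still says the local service file is used. With `--with-nss-modules="files altfiles"` the service lookup would be pointed at every listed module as well, and a module added for user information may not provide a services database at all. Unless there is a separate need, I would leave this line as `__nss_configure_lookup("services", "files");`, or add a second configure option for the services list. main() starts and ends outside this hunk.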
@@ -231,7 +237,7 @@  main(int argc, char *argv[])
 		 * Make sure we use the local password file
 		 * for these lookups.
 		 */
-		__nss_configure_lookup("passwd", "files");
+		__nss_configure_lookup("passwd", nss_modules);
 
 		if((p = getpwnam(id)) == NULL) {
 			syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
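Review bot: The return value of `__nss_configure_lookup("passwd", nss_modules)` is ignored, and its second argument is no longer a fixed literal but whatever string was given at configure time. If the call rejects that string, the following `getpwnam(id)` presumably resolves the user through the order in /etc/nsswitch.conf instead, which is the situation the restriction was added to exclude. I would test the result, `if (__nss_configure_lookup("passwd", nss_modules) != 0)`, log it with `syslog(LOG_ERR, "cannot set passwd lookup to '%s'", nss_modules);` and then bail out the same way the `getpwnam` failure branch does. The same applies to the `services` call in the previous hunk if it keeps using `nss_modules`; the enclosing block of main() continues past the end of this hunk.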