From: "Jacques A. Vidrine"
To: Vallo Kallaste, freebsd-current@freebsd.org, Tim Robbins
Date: Mon, 28 Apr 2003 06:18:59 -0500
Subject: Re: Somethings still up with new NSS?
Message-ID: <20030428111859.GA2923@madman.celabo.org>
In-Reply-To: <20030428105521.GB2676@madman.celabo.org>

On Mon, Apr 28, 2003 at 05:55:21AM -0500, Jacques A. Vidrine wrote:
> I thought the relative dearth of critical bug reports so far was too
> good to be true :-)
>
> Sounds like I have introduced a bug into `pwd_mkdb -u', which is the
> common denominator in your reports. `passwd', `chsh', `pw' all use
> `pwd_mkdb -u', whereas vipw uses plain `pwd_mkdb'.
>
> I will look at it closely today!
>
> Meanwhile, if this happens to you, just run `vipw' or `pwd_mkdb' to
> rebuild your database.

Here's the scoop:

The NSS commit included changes to update the format of /etc/pwd.db
and /etc/spwd.db pre-processed passwd(5) files so that they could be
moved from architecture to architecture. To enable compatibility with
old binaries, the format includes versioned entries. (The `old
version' is version 3; the `new version' is version 4.)

pwd_mkdb(8) rebuilds the databases from /etc/master.passwd. This
utility can either rebuild the entire database, which is the default
behavior, or it can update only a single entry, which is the behavior
requested by the `-u' option. passwd(1), chsh(1) and similar tools
use the `-u' option.

Now if you run `pwd_mkdb' built after the NSS commit, everything is
fine. Version 3 and version 4 entries are created. Your old and new
binaries will `see' all the users.

But, if you run `pwd_mkdb -u' BEFORE you rebuild the entire database
with plain `pwd_mkdb', the database will have version 3 entries for
all of your users, but only a version 4 entry for the single target
user. Old binaries still function fine, but new binaries now `see'
that the database supports the new version 4 entries. So, only the
single user that was updated is recognized.

So until I add logic to pwd_mkdb(8) to recognize and deal
appropriately with this situation, it is best to run pwd_mkdb once
manually after the NSS commit.

Cheers,
-- 
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
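
The failure mode described in this message, as an added example that is not part of the original e-mail and is not FreeBSD code: a simplified in-memory model of a database with version 3 and version 4 entries, plus a consistency check for accounts that lack a version 4 entry. The dictionary layout, function names and sample accounts are constructed, and the rule that a new reader switches to version 4 entries as soon as any exist is an assumption made for the model.

```python
"""Toy model of the versioned passwd database (constructed; not FreeBSD code)."""

OLD, NEW = 3, 4  # entry versions named in the message

# Constructed sample accounts standing in for /etc/master.passwd
MASTER = {"root": "0:0:/root",
          "vallo": "1001:1001:/home/vallo",
          "tim": "1002:1002:/home/tim"}

def pre_nss_db(master):
    """Database as left by a pre-NSS pwd_mkdb: version 3 entries only."""
    return {(OLD, name): rec for name, rec in master.items()}

def rebuild(master):
    """Model of plain pwd_mkdb: write a v3 and a v4 entry for every user."""
    return {(v, name): rec for name, rec in master.items() for v in (OLD, NEW)}

def update_one(db, master, name):
    """Model of `pwd_mkdb -u`: refresh both versions, but for one user only."""
    db = dict(db)
    for v in (OLD, NEW):
        db[(v, name)] = master[name]
    return db

def visible_users(db, reader_version):
    """Users a binary sees. Assumption: a new reader uses v4 entries as soon
    as the database holds any of them; an old reader only knows v3."""
    has_new = any(v == NEW for v, _ in db)
    use = NEW if reader_version == NEW and has_new else OLD
    return {name for v, name in db if v == use}

def missing_new_entries(db):
    """Consistency check: users that have a v3 entry but no v4 entry."""
    new_names = {n for v, n in db if v == NEW}
    if not new_names:
        return set()  # pure old-format database: readers fall back to v3
    return {n for v, n in db if v == OLD} - new_names

if __name__ == "__main__":
    # passwd/chsh run for one user before any full rebuild
    db = update_one(pre_nss_db(MASTER), MASTER, "vallo")
    print("old binaries see:", sorted(visible_users(db, OLD)))
    print("new binaries see:", sorted(visible_users(db, NEW)))
    print("lacking v4 entry:", sorted(missing_new_entries(db)))
    # the manual full rebuild recommended in the message
    db = rebuild(MASTER)
    print("after rebuild   :", sorted(visible_users(db, NEW)))
```
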