diff options
author | Lennart Poettering <lennart@poettering.net> | 2017-09-14 06:20:39 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-09-14 06:20:39 +0200 |
commit | fe102d6ab15731a199a7ea9f38c4f68d8959f86c (patch) | |
tree | 86924b64aa061842688fb2a5d3253635d4784ea4 /src/nss-systemd/nss-systemd.c | |
parent | d5df18e4b6d39b0c5e0abf6031e53d28bdfd9243 (diff) | |
download | systemd-fe102d6ab15731a199a7ea9f38c4f68d8959f86c.tar.gz |
nss-systemd,sysusers: make sure sysusers doesn't get confused by nss-systemd (#6812)
In nss-systemd we synthesize user entries for "nobody" and "root", as
fallback if we boot up with an entirely empty /etc. This is supposed to
be a fallback only though, and it's intended that both users exists
regularly in /etc/passwd + /etc/group. Before this patch
systemd-sysusers would never create the entries however as it notices
the synthetic entries. Let's add a way how systemd-sysusers can tell
nss-systemd not to synthesize the entries for itself.
Fixes: #6808
Diffstat (limited to 'src/nss-systemd/nss-systemd.c')
-rw-r--r-- | src/nss-systemd/nss-systemd.c | 80 |
1 files changed, 44 insertions, 36 deletions
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index f404755dac..37745b3103 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -129,15 +129,17 @@ enum nss_status _nss_systemd_getpwnam_r( goto not_found; /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (streq(name, root_passwd.pw_name)) { - *pwd = root_passwd; - *errnop = 0; - return NSS_STATUS_SUCCESS; - } - if (streq(name, nobody_passwd.pw_name)) { - *pwd = nobody_passwd; - *errnop = 0; - return NSS_STATUS_SUCCESS; + if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (streq(name, root_passwd.pw_name)) { + *pwd = root_passwd; + *errnop = 0; + return NSS_STATUS_SUCCESS; + } + if (streq(name, nobody_passwd.pw_name)) { + *pwd = nobody_passwd; + *errnop = 0; + return NSS_STATUS_SUCCESS; + } } /* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */ @@ -231,15 +233,17 @@ enum nss_status _nss_systemd_getpwuid_r( goto not_found; /* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */ - if (uid == root_passwd.pw_uid) { - *pwd = root_passwd; - *errnop = 0; - return NSS_STATUS_SUCCESS; - } - if (uid == nobody_passwd.pw_uid) { - *pwd = nobody_passwd; - *errnop = 0; - return NSS_STATUS_SUCCESS; + if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (uid == root_passwd.pw_uid) { + *pwd = root_passwd; + *errnop = 0; + return NSS_STATUS_SUCCESS; + } + if (uid == nobody_passwd.pw_uid) { + *pwd = nobody_passwd; + *errnop = 0; + return NSS_STATUS_SUCCESS; + } } if (uid <= SYSTEM_UID_MAX) @@ -331,15 +335,17 @@ enum nss_status _nss_systemd_getgrnam_r( goto not_found; /* Synthesize records for root and nobody, in case they are missing form /etc/group */ - if (streq(name, root_group.gr_name)) { - *gr = root_group; - *errnop = 0; - return NSS_STATUS_SUCCESS; - } - if (streq(name, nobody_group.gr_name)) { - *gr = nobody_group; - *errnop = 0; - return NSS_STATUS_SUCCESS; + if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (streq(name, root_group.gr_name)) { + *gr = root_group; + *errnop = 0; + return NSS_STATUS_SUCCESS; + } + if (streq(name, nobody_group.gr_name)) { + *gr = nobody_group; + *errnop = 0; + return NSS_STATUS_SUCCESS; + } } if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) @@ -430,15 +436,17 @@ enum nss_status _nss_systemd_getgrgid_r( goto not_found; /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (gid == root_group.gr_gid) { - *gr = root_group; - *errnop = 0; - return NSS_STATUS_SUCCESS; - } - if (gid == nobody_group.gr_gid) { - *gr = nobody_group; - *errnop = 0; - return NSS_STATUS_SUCCESS; + if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (gid == root_group.gr_gid) { + *gr = root_group; + *errnop = 0; + return NSS_STATUS_SUCCESS; + } + if (gid == nobody_group.gr_gid) { + *gr = nobody_group; + *errnop = 0; + return NSS_STATUS_SUCCESS; + } } if (gid <= SYSTEM_GID_MAX) |