Bug#639529: summary: please add entry to /etc/nsswitch.conf

2012-06-03 Thread Andreas B. Mundt
Hi,

first, thank you all for the work on a refurbished autofs package!  I
would like to draw your attention to #639529, as it would be great to
fix this before the wheezy freeze and it's just a minor modification.

Let me sum up, as the lengthy history of the issue might be confusing:

The name service switch functionality allows assigning different
resources for various information like passwords, groups etc.
The resource to use is defined in "/etc/nsswitch.conf".  Everybody
using the autofs-ldap package needs to add:

  "automount:  files ldap"

to "/etc/nsswitch.conf".  This activates the look up of mount points
in LDAP.  For example, this has to be done in debian-edu and
debian-lan.

The patches already attached above make sure the line needed is added
on installation and removed after purging the autofs-ldap package.
Modifying "/etc/nsswitch.conf" is fine, cf. [1].  A similar patch has
been applied to sudo-ldap, cf. #639530.

Thanks,

Andi



[1] Modifying nsswitch.conf shouldn't be a problem, quoting from
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610600#34>:

"Usually, policy forbids that a package modifies the "configuration
file" of another package, but in this case /etc/nsswitch.conf is not a
conffile in dpkg sense but just a default. This is on purpose so that
packages that need to modify such file do so without having to ask me
about that.

Therefore, I think we should just modify sudo-ldap so that the
required line is added to /etc/nsswitch.conf on postinst and removed
on purge, as only users of sudo-ldap need such line, i.e. please do
not rely on base-files and just do with nsswitch.conf whatever is
required for it to work with your package."


--
A N D R E A S   B.   M U N D T

GPG key: 4096R/617B586D 2010-03-22 Andreas B. Mundt





-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#639529: summary: please add entry to /etc/nsswitch.conf

2012-06-03 Thread Michael Tokarev
On 03.06.2012 12:21, Andreas B. Mundt wrote:
> Hi,
> 
> first, thank you all for the work on a refurbished autofs package!  I
> would like to draw your attention to #639529, as it would be great to
> fix this before the wheezy freeze and it's just a minor modification.
> 
> Let me sum up, as the lengthy history of the issue might be confusing:
> 
> The name service switch functionality allows assigning different
> resources for various information like passwords, groups etc.
> The resource to use is defined in "/etc/nsswitch.conf".  Everybody
> using the autofs-ldap package needs to add:
> 
>   "automount:  files ldap"

Will it be bad if this line will be left out after removing
autofs-ldap package, ie, when automount nsswitch entry is
listing non-existing lookup method?  I guess I should try...

I mean, is it a bug to leave "ldap" in there on autofs-ldap
removal?

Because I want to minimize messing up with this file as much
as possible.  For example, the user might reorder the entries
after installation, but on removal and reinstall we'll move
"ldap" entry there to the end, which might be considered a
bug too...

Thanks,

/mjt

> to "/etc/nsswitch.conf".  This activates the look up of mount points
> in LDAP.  For example, this has to be done in debian-edu and
> debian-lan.
> 
> The patches already attached above make sure the line needed is added
> on installation and removed after purging the autofs-ldap package.
> Modifying "/etc/nsswitch.conf" is fine, cf. [1].  A similar patch has
> been applied to sudo-ldap, cf. #639530.
> 
> Thanks,
> 
>   Andi
> 
> 
> 
> [1] Modifying nsswitch.conf shouldn't be a problem, quoting from
> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610600#34>:
> 
> "Usually, policy forbids that a package modifies the "configuration
> file" of another package, but in this case /etc/nsswitch.conf is not a
> conffile in dpkg sense but just a default. This is on purpose so that
> packages that need to modify such file do so without having to ask me
> about that.
> 
> Therefore, I think we should just modify sudo-ldap so that the
> required line is added to /etc/nsswitch.conf on postinst and removed
> on purge, as only users of sudo-ldap need such line, i.e. please do
> not rely on base-files and just do with nsswitch.conf whatever is
> required for it to work with your package."



Bug#639529: summary: please add entry to /etc/nsswitch.conf

2012-06-03 Thread Andreas B. Mundt
Hi Michael,

On Sun, Jun 03, 2012 at 02:42:43PM +0400, Michael Tokarev wrote:
> On 03.06.2012 12:21, Andreas B. Mundt wrote:
> > Hi,
> >
> > first, thank you all for the work on a refurbished autofs package!  I
> > would like to draw your attention to #639529, as it would be great to
> > fix this before the wheezy freeze and it's just a minor modification.
> >
> > Let me sum up, as the lengthy history of the issue might be confusing:
> >
> > The name service switch functionality allows assigning different
> > resources for various information like passwords, groups etc.
> > The resource to use is defined in "/etc/nsswitch.conf".  Everybody
> > using the autofs-ldap package needs to add:
> >
> >   "automount:  files ldap"
>
> Will it be bad if this line will be left out after removing
> autofs-ldap package, ie, when automount nsswitch entry is
> listing non-existing lookup method?  I guess I should try...
>

Apart from leaving cruft back, I guess it should not hurt.

> I mean, is it a bug to leave "ldap" in there on autofs-ldap
> removal?

Not sure if "leaving cruft behind" is a bug in this case.

> Because I want to minimize messing up with this file as much
> as possible.  For example, the user might reorder the entries
> after installation, but on removal and reinstall we'll move
> "ldap" entry there to the end, which might be considered a
> bug too...

If there is already an "automount: ... "-entry, nothing should happen.
If it's missing, it'll be added at the end.

From what I learned in the discussions about "/etc/nsswitch.conf",
I suspect the order of entries does not matter.
(<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639530#10>)

Best regards,

 Andi






Bug#639529: summary: please add entry to /etc/nsswitch.conf

2012-06-03 Thread Michael Tokarev
On 03.06.2012 15:15, Andreas B. Mundt wrote:
[]
>>> "automount:  files ldap"
>> 
>> Will it be bad if this line will be left out after removing autofs-ldap 
>> package, ie, when automount nsswitch entry is listing non-existing lookup 
>> method?  I guess I should try...
> 
> Apart from leaving cruft back, I guess it should not hurt.
> 
>> I mean, is it a bug to leave "ldap" in there on autofs-ldap removal?
> 
> Not sure if "leaving cruft behind" is a bug in this case.

Not really - automount may start complaining or failing.  But
apparently it does not.  I mean the situation when we leave
`automount: files ldap' line in there on removal of autofs-ldap
package, when autofs package itself is still installed and
functioning.

And I really dislike this way of leaving ldap entry in place
in this case, even if automount itself appears to be working
fine - I'd say it works by incident not by design, as it should
complain about such an error.

So, on autofs-ldap removal, we should remove ldap entry from
automount nsswitch.conf line.  And here we've a few other issues
to sort out.  For example, say, we added `files ldap' into it
automatically, and the user later changed that to `ldap': in
this case we can't remove just the ldap entry, since the line
will be wrong in this case.

And we definitely can not remove whole line too, like is done
in sudo-ldap case: we also have hesiod map which should be
handled the same way!

So... I'm not sure what to do really.  Too much smarts often
becomes dumber than doing nothing at all... :)

[]
> From what I learned in the discussions about "/etc/nsswitch.conf", I suspect 
> the order of entries does not matter. 
> (<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639530#10>)

Well, automount (or any other lookup "consumer" for that matter) should
choose one entry from several available.  For example, you can't
expect getpwnam("root") returning TWO entries, if passwd: entry in
nsswitch lists, eg, `files, ldap' and BOTH has definition for the
root user.  So order definitely does matter.

Thanks,

/mjt
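
The add and remove cases raised in this message and the earlier replies (entry added only when missing, a user-edited `ldap'-only line, other sources such as hesiod), worked through as an added example; it is not the patch attached to the bug nor the maintainers' code. The function names `nss_add_automount` and `nss_drop_source` are hypothetical, and dropping the whole line when no source remains is an assumption, one possible answer to the `ldap'-only case.

```shell
#!/bin/sh
# Added example: edits of the "automount:" line in an nsswitch.conf-style
# file. Function names are hypothetical, not from any Debian package.

# Append the default entry only when no automount line exists at all,
# so a line the administrator already wrote or reordered is never touched.
nss_add_automount() {
    file=$1
    grep -q '^[[:space:]]*automount:' "$file" && return 0
    printf 'automount:  files ldap\n' >> "$file"
}

# Remove one source (e.g. ldap) from the automount line, keeping the
# order of the remaining sources (files, hesiod, ...). If the removed
# source was the only one, drop the line instead of leaving it empty
# (assumption: an empty "automount:" line is worse than none).
nss_drop_source() {
    file=$1 src=$2
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v src="$src" '
        /^[ \t]*automount:/ {
            line = $0
            sub(/^[ \t]*automount:/, "", line)
            n = split(line, tok)          # whitespace-separated tokens
            out = ""; skip = 0
            for (i = 1; i <= n; i++) {
                if (tok[i] == src) { skip = 1; continue }
                # also drop an [action] token directly after the source
                if (skip && tok[i] ~ /^\[/) continue
                skip = 0
                out = out " " tok[i]
            }
            if (out != "") print "automount: " out
            next
        }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"; rc=$?
    # cat (not mv) keeps the original owner and mode; mktemp creates the
    # temporary file 0600, which would make nsswitch.conf unreadable.
    rm -f "$tmp"
    return $rc
}
```

The rewrite through `cat` is not atomic; a maintainer script that needs atomic replacement would copy the original mode onto the temporary file before renaming it.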






Bug#639529: summary: please add entry to /etc/nsswitch.conf

2012-06-03 Thread Andreas B. Mundt
On Sun, Jun 03, 2012 at 04:06:37PM +0400, Michael Tokarev wrote:
> On 03.06.2012 15:15, Andreas B. Mundt wrote:
> []
> >>> "automount:  files ldap"
> >>
> >> Will it be bad if this line will be left out after removing autofs-ldap 
> >> package, ie, when automount nsswitch entry is listing non-existing lookup 
> >> method?  I guess I should try...
> >
> > Apart from leaving cruft back, I guess it should not hurt.
> >
> >> I mean, is it a bug to leave "ldap" in there on autofs-ldap removal?
> >
> > Not sure if "leaving cruft behind" is a bug in this case.
>
> Not really - automount may start complaining or failing.  But
> apparently it does not.  I mean the situation when we leave
> `automount: files ldap' line in there on removal of autofs-ldap
> package, when autofs package itself is still installed and
> functioning.
>
> And I really dislike this way of leaving ldap entry in place
> in this case, even if automount itself appears to be working
> fine - I'd say it works by incident not by design, as it should
> complain about such an error.

I guess autofs doesn't use "nsswitch.conf" at all, does it?

> So, on autofs-ldap removal, we should remove ldap entry from
> automount nsswitch.conf line.  And here we've a few other issues
> to sort out.  For example, say, we added `files ldap' into it
> automatically, and the user later changed that to `ldap': in
> this case we can't remove just the ldap entry, since the line
> will be wrong in this case.

Right.

> And we definitely can not remove whole line too, like is done
> in sudo-ldap case: we also have hesiod map which should be
> handled the same way!

No idea about hesiod.  Does it use "nsswitch.conf"?

> So... I'm not sure what to do really.  Too much smarts often
> becomes dumber than doing nothing at all... :)
>

Yes, again things are more complicated than expected on a first
sight...

> []
> > From what I learned in the discussions about "/etc/nsswitch.conf", I 
> > suspect the order of entries does not matter. 
> > (<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639530#10>)
>
> Well, automount (or any other lookup "consumer" for that matter) should
> choose one entry from several available.  For example, you can't
> expect getpwnam("root") returning TWO entries, if passwd: entry in
> nsswitch lists, eg, `files, ldap' and BOTH has definition for the
> root user.  So order definitely does matter.

Oh sorry, I got you wrong, I meant the ordering of the lines.  Of
course the order of entries in a single line matters, it tries the
first, then the second and so on.

Regards,

Andi






Bug#639529: summary: please add entry to /etc/nsswitch.conf

2012-06-03 Thread Michael Tokarev
On 03.06.2012 16:55, Andreas B. Mundt wrote:
> On Sun, Jun 03, 2012 at 04:06:37PM +0400, Michael Tokarev wrote:

> I guess autofs doesn't use "nsswitch.conf" at all, does it?

Apparently it does -- this is the very end of default /etc/auto.master
file:

# Include central master map if it can be found using
# nsswitch sources.
#
# Note that if there are entries for /net or /misc (as
# above) in the included master map any keys that are the
# same will not be seen as the first read key seen takes
# precedence.
#
+auto.master

When I put a map into "automount" line in nsswitch.conf
which does not exist, it logs the following line into
daemon.log:

 automount[1519]: ignored unsupported autofs nsswitch source "xyz"

the same happens with ldap if it is in that line and
there's no /usr/lib/autofs/lookup_ldap.so file found.

But wait.  What else uses nsswitch automount entry
if not automount itself?

>> So, on autofs-ldap removal, we should remove ldap entry from
>> automount nsswitch.conf line.  And here we've a few other issues
>> to sort out.  For example, say, we added `files ldap' into it
>> automatically, and the user later changed that to `ldap': in
>> this case we can't remove just the ldap entry, since the line
>> will be wrong in this case.
> 
> Right.
> 
>> And we definitely can not remove whole line too, like is done
>> in sudo-ldap case: we also have hesiod map which should be
>> handled the same way!
> 
> No idea about hesiod.  Does it use "nsswitch.conf"?

It is configured the same way as ldap: using nsswitch.conf.

All maps also can be used directly as well, by specifying
map-type properly in /etc/auto.master.

>> So... I'm not sure what to do really.  Too much smarts often
>> becomes dumber than doing nothing at all... :)
> 
> Yes, again things are more complicated than expected on a first
> sight...

So the only question remains: do you have other users of
automount entry in nsswitch.conf except of autofs package
itself (where it has other mechanism too) ?

I'm about to mark this bug as a wishlist wontfix really... ;)

Thanks,

/mjt






Bug#639529: summary: please add entry to /etc/nsswitch.conf

2012-06-03 Thread Andreas B. Mundt
Hi Michael,

On Sun, Jun 03, 2012 at 05:46:25PM +0400, Michael Tokarev wrote:
> On 03.06.2012 16:55, Andreas B. Mundt wrote:
> > On Sun, Jun 03, 2012 at 04:06:37PM +0400, Michael Tokarev wrote:
>
> > I guess autofs doesn't use "nsswitch.conf" at all, does it?
>
> Apparently it does -- this is the very end of default /etc/auto.master
> file:
>
> # Include central master map if it can be found using
> # nsswitch sources.
> #
> # Note that if there are entries for /net or /misc (as
> # above) in the included master map any keys that are the
> # same will not be seen as the first read key seen takes
> # precedence.
> #
> +auto.master
>
> When I put a map into "automount" line in nsswitch.conf
> which does not exist, it logs the following line into
> daemon.log:
>
>  automount[1519]: ignored unsupported autofs nsswitch source "xyz"
>
> the same happens with ldap if it is in that line and
> there's no /usr/lib/autofs/lookup_ldap.so file found.

OK.

[...]

>
> So the only question remains: do you have other users of
> automount entry in nsswitch.conf except of autofs package
> itself (where it has other mechanism too) ?

I do not know of any.

> I'm about to mark this bug as a wishlist wontfix really... ;)

Yes, I agree, maybe it's better to do nothing by default.  Instead of
supporting one setup but spoiling the others.
Thank you very much for taking the time on the issue.

Best regards,

 Andi


