#2940 The member link is not removed when the last group's nested member goes away
Closed: Fixed None Opened 4 years ago by jhrozek.

To reproduce:

    ipa user-add bottomusr
    ipa group-add bottomgr
    ipa group-add-member --users=bottomusr bottomgr
    ipa group-add topgr
    ipa group-add-member --groups=bottomgr topgr

    getent group topgr
    getent passwd bottomusr

    ipa group-remove-member --groups=bottomgr topgr

    sudo sss_cache -E
    getent group topgr

This is similar to bug #2939 except the extra getent passwd step here. With the getent passwd, we turn the ghost entry into a full member entry (which we then fail to remove, too)


Fields changed

description: To reproduce:
{{{
ipa user-add bottomusr
ipa group-add bottomgr
ipa group-add-member --users=bottomusr bottomgr
ipa group-add topgr
ipa group-add-member --groups=bottomgr topgr

getent group topgr
getent passwd bottomusr

ipa group-remove-member --groups=bottomgr topgr

sudo sss_cache -E
getent passwd topgr

}}}

This is similar to bug #2939 except the extra getent passwd step here. With the getent passwd, we turn the ghost entry into a full member entry (which we then fail to remove, too)
=> To reproduce:
{{{
ipa user-add bottomusr
ipa group-add bottomgr
ipa group-add-member --users=bottomusr bottomgr
ipa group-add topgr
ipa group-add-member --groups=bottomgr topgr

getent group topgr
getent passwd bottomusr

ipa group-remove-member --groups=bottomgr topgr

sudo sss_cache -E
getent group topgr

}}}

This is similar to bug #2939 except the extra getent passwd step here. With the getent passwd, we turn the ghost entry into a full member entry (which we then fail to remove, too)

Fields changed

rhbz: => todo

I have a patch in my branch, picking up

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha
owner: somebody => jhrozek
status: new => assigned

Bugfixes shouldn't block the Beta release.

milestone: SSSD 1.14 alpha => SSSD 1.14.0

So far nobody complained about this bug and we need to keep the 1.14.0 release smaller. But since there is a fix, only moving to the small 1.15 release.

milestone: SSSD 1.14.0 => SSSD 1.15 Beta

Fields changed

owner: jhrozek => pcech
status: assigned => new

Fields changed

status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

I would like to ask if we need patch for 1.13.3 too.

I'm not sure, but I lean towards backporting it. The bug was there since forever, has an easy workaround (remove the cache) and removing group members is a relatively rare operation. On the other hand, the bug can cause extra memberships to be applied to the user.

(btw, quite few developers are reading all ticket updates, if you want to reach everyone, just writing to sssd-devel might be better..)

Replying to [comment:11 jhrozek]:

I'm not sure, but I lean towards backporting it. The bug was there since forever, has an easy workaround (remove the cache) and removing group members is a relatively rare operation.

While I do agree with you, I still know about customers who often use small groups with just one or two members to test basic functionality.

Replying to [comment:12 tscherf]:

Replying to [comment:11 jhrozek]:

I'm not sure, but I lean towards backporting it. The bug was there since forever, has an easy workaround (remove the cache) and removing group members is a relatively rare operation.

While I do agree with you, I still know about customers who often use small groups with just one or two members to test basic functionality.
Then if Petr agrees and this is not so much work, then I'm fine with backporting these patches to stable branches. But please note that for RHEL, we would still need a bugzilla for RHEL-6, IIRC we have one only for RHEL-7.4 which would be solved by this ticket already because we are rebasing sssd in 7.4 to 1.15.

Metadata Update from @jhrozek:
- Issue assigned to pcech
- Issue set to the milestone: SSSD 1.15.3

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3981

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata