#3919 sss_cache prints spurious error messages when invoked from shadow-utils on package install
Closed: Fixed 2 years ago by jhrozek. Opened 2 years ago by thalman.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1661182

+++ This bug was initially created as a clone of Bug #1659656 +++

Description of problem:

When I upgraded the clamav 0.101.0-1 packages from Koji using dnf, I saw the
following errors in the clamav-filesystem, clamd, and clamav-milter pre-install
scriplets:

[sss_cache] [confdb_get_domains] (0x0010): No domains configured, fatal error!
Could not open available domains
usermod: sss_cache exited with status 2
usermod: Failed to flush the sssd cache.

The error appears to involve no domains being configured for the sss cache of
sssd. The upgrade completed as shown in the full output I put in the additional
infomation part.

Version-Release number of selected component (if applicable):
clamav-0.101.0-1.fc29.i686

How reproducible:

I ran the update once.

Steps to Reproduce:
1. sudo dnf upgrade https://kojipkgs.fedoraproject.org//packages/clamav/0.101.0
/1.fc29/i686/clamav-0.101.0-1.fc29.i686.rpm https://kojipkgs.fedoraproject.org/
/packages/clamav/0.101.0/1.fc29/i686/clamav-lib-0.101.0-1.fc29.i686.rpm https:/
/kojipkgs.fedoraproject.org//packages/clamav/0.101.0/1.fc29/i686/clamav-milter-
0.101.0-1.fc29.i686.rpm https://kojipkgs.fedoraproject.org//packages/clamav/0.1
01.0/1.fc29/i686/clamav-update-0.101.0-1.fc29.i686.rpm https://kojipkgs.fedorap
roject.org//packages/clamav/0.101.0/1.fc29/noarch/clamav-data-0.101.0-1.fc29.no
arch.rpm https://kojipkgs.fedoraproject.org//packages/clamav/0.101.0/1.fc29/noa
rch/clamav-filesystem-0.101.0-1.fc29.noarch.rpm https://kojipkgs.fedoraproject.
org//packages/clamav/0.101.0/1.fc29/i686/clamd-0.101.0-1.fc29.i686.rpm

2.
3.

Actual results:

I saw errors in the clamav-filesystem, clamd, and clamav-milter pre-install
scriplets during the clamav 0.101.0-1 upgrade from Koji.

Expected results:

No errors in the clamav upgrade


Additional info:

The full output of the upgrade was the following:

sudo dnf upgrade https://kojipkgs.fedoraproject.org//packages/clamav/0.101.0/1.
fc29/i686/clamav-0.101.0-1.fc29.i686.rpm https://kojipkgs.fedoraproject.org//pa
ckages/clamav/0.101.0/1.fc29/i686/clamav-lib-0.101.0-1.fc29.i686.rpm https://ko
jipkgs.fedoraproject.org//packages/clamav/0.101.0/1.fc29/i686/clamav-milter-0.1
01.0-1.fc29.i686.rpm https://kojipkgs.fedoraproject.org//packages/clamav/0.101.
0/1.fc29/i686/clamav-update-0.101.0-1.fc29.i686.rpm https://kojipkgs.fedoraproj
ect.org//packages/clamav/0.101.0/1.fc29/noarch/clamav-data-0.101.0-1.fc29.noarc
h.rpm https://kojipkgs.fedoraproject.org//packages/clamav/0.101.0/1.fc29/noarch
/clamav-filesystem-0.101.0-1.fc29.noarch.rpm https://kojipkgs.fedoraproject.org
//packages/clamav/0.101.0/1.fc29/i686/clamd-0.101.0-1.fc29.i686.rpm
Last metadata expiration check: 18:35:08 ago on Thu 13 Dec 2018 10:39:02 PM
EST.
clamav-0.101.0-1.fc29.i686.rpm                     254 kB/s | 360 kB     00:01
clamav-lib-0.101.0-1.fc29.i686.rpm                 641 kB/s | 831 kB     00:01
clamav-milter-0.101.0-1.fc29.i686.rpm               56 kB/s |  98 kB     00:01
clamav-update-0.101.0-1.fc29.i686.rpm              112 kB/s |  89 kB     00:00
clamav-data-0.101.0-1.fc29.noarch.rpm              1.4 MB/s | 163 MB     01:55
clamav-filesystem-0.101.0-1.fc29.noarch.rpm         24 kB/s |  14 kB     00:00
clamd-0.101.0-1.fc29.i686.rpm                       61 kB/s | 105 kB     00:01
Dependencies resolved.
===============================================================================
====
 Package                Arch        Version                Repository
Size
===============================================================================
====
Upgrading:
 clamav                 i686        0.101.0-1.fc29         @commandline
360 k
 clamav-lib             i686        0.101.0-1.fc29         @commandline
831 k
 clamav-milter          i686        0.101.0-1.fc29         @commandline
98 k
 clamav-update          i686        0.101.0-1.fc29         @commandline
89 k
 clamav-data            noarch      0.101.0-1.fc29         @commandline
163 M
 clamav-filesystem      noarch      0.101.0-1.fc29         @commandline
14 k
 clamd                  i686        0.101.0-1.fc29         @commandline
105 k

Transaction Summary
===============================================================================
====
Upgrade  7 Packages

Total size: 165 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :
1/1
  Running scriptlet: clamav-filesystem-0.101.0-1.fc29.noarch
1/1
  Running scriptlet: clamav-filesystem-0.101.0-1.fc29.noarch
1/14
(Fri Dec 14 17:17:58:926064 2018) [sss_cache] [confdb_get_domains] (0x0010): No
domains configured, fatal error!
Could not open available domains
usermod: sss_cache exited with status 2
usermod: Failed to flush the sssd cache.

  Upgrading        : clamav-filesystem-0.101.0-1.fc29.noarch
1/14
  Upgrading        : clamav-data-0.101.0-1.fc29.noarch
2/14
  Upgrading        : clamav-update-0.101.0-1.fc29.i686
3/14
  Running scriptlet: clamav-update-0.101.0-1.fc29.i686
3/14
warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew

  Upgrading        : clamav-lib-0.101.0-1.fc29.i686
4/14
  Running scriptlet: clamav-lib-0.101.0-1.fc29.i686
4/14
  Upgrading        : clamav-0.101.0-1.fc29.i686
5/14
  Running scriptlet: clamd-0.101.0-1.fc29.i686
6/14
(Fri Dec 14 17:18:58:840220 2018) [sss_cache] [confdb_get_domains] (0x0010): No
domains configured, fatal error!
Could not open available domains
usermod: sss_cache exited with status 2
usermod: Failed to flush the sssd cache.

  Upgrading        : clamd-0.101.0-1.fc29.i686
6/14
  Running scriptlet: clamd-0.101.0-1.fc29.i686
6/14
  Running scriptlet: clamav-milter-0.101.0-1.fc29.i686
7/14
(Fri Dec 14 17:19:00:767503 2018) [sss_cache] [confdb_get_domains] (0x0010): No
domains configured, fatal error!
Could not open available domains
usermod: sss_cache exited with status 2
usermod: Failed to flush the sssd cache.

  Upgrading        : clamav-milter-0.101.0-1.fc29.i686
7/14
  Running scriptlet: clamav-milter-0.101.0-1.fc29.i686
7/14
  Running scriptlet: clamd-0.100.2-2.fc29.i686
8/14
  Cleanup          : clamd-0.100.2-2.fc29.i686
8/14
  Running scriptlet: clamd-0.100.2-2.fc29.i686
8/14
  Cleanup          : clamav-0.100.2-2.fc29.i686
9/14
  Cleanup          : clamav-lib-0.100.2-2.fc29.i686
10/14
  Running scriptlet: clamav-lib-0.100.2-2.fc29.i686
10/14
  Cleanup          : clamav-update-0.100.2-2.fc29.i686
11/14
  Cleanup          : clamav-data-0.100.2-2.fc29.noarch
12/14
  Running scriptlet: clamav-milter-0.100.2-2.fc29.i686
13/14
  Cleanup          : clamav-milter-0.100.2-2.fc29.i686
13/14
  Running scriptlet: clamav-milter-0.100.2-2.fc29.i686
13/14
  Cleanup          : clamav-filesystem-0.100.2-2.fc29.noarch
14/14
  Running scriptlet: clamav-filesystem-0.100.2-2.fc29.noarch
14/14
  Verifying        : clamav-0.101.0-1.fc29.i686
1/14
  Verifying        : clamav-0.100.2-2.fc29.i686
2/14
  Verifying        : clamav-lib-0.101.0-1.fc29.i686
3/14
  Verifying        : clamav-lib-0.100.2-2.fc29.i686
4/14
  Verifying        : clamav-milter-0.101.0-1.fc29.i686
5/14
  Verifying        : clamav-milter-0.100.2-2.fc29.i686
6/14
  Verifying        : clamav-update-0.101.0-1.fc29.i686
7/14
  Verifying        : clamav-update-0.100.2-2.fc29.i686
8/14
  Verifying        : clamav-data-0.101.0-1.fc29.noarch
9/14
  Verifying        : clamav-data-0.100.2-2.fc29.noarch
10/14
  Verifying        : clamav-filesystem-0.101.0-1.fc29.noarch
11/14
  Verifying        : clamav-filesystem-0.100.2-2.fc29.noarch
12/14
  Verifying        : clamd-0.101.0-1.fc29.i686
13/14
  Verifying        : clamd-0.100.2-2.fc29.i686
14/14

Upgraded:
  clamav-0.101.0-1.fc29.i686            clamav-lib-0.101.0-1.fc29.i686
  clamav-milter-0.101.0-1.fc29.i686     clamav-update-0.101.0-1.fc29.i686
  clamav-data-0.101.0-1.fc29.noarch     clamav-filesystem-0.101.0-1.fc29.noarch
  clamd-0.101.0-1.fc29.i686

Complete!

--- Additional comment from Orion Poplawski on 2018-12-15 00:02:28 UTC ---

The scriptlet is running:

usermod %{updateuser} -a -G virusgroup

The guidelines for users and groups
(https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/)
does not directly address calling usermod, but the useradd examples do not
redirect stderr - presumably because it is useful at times.

I'm guessing that usermod is calling sss_cache.  I'm not really sure what
should be done here.  Let's see if the SSSD folks have an opinion about whether
generating this error output is useful.  It's also possible that usermod should
be ignoring this error.

--- Additional comment from Miro Hrončok on 2018-12-19 11:09:42 UTC ---

One of our students was just hit by this at a Fedora 29 workstation.

He run:

$ sudo usermod -a -G dialout username

And got:

(Wed Dec 19 11:58:00:558187 2018) [sss_cache] [confdb_get_domains] (0x0010): No
domains configured, fatal error!

Could not open available domains

usermod: sss_cache exited with status 2

usermod: Failed to flush the sssd cache.


I cannot reproduce it on my own machine or a virtual one.

I've changed the component to shadow-utils, so the maintainers are aware as
well.

--- Additional comment from Jakub Hrozek on 2018-12-19 11:15:56 UTC ---

(In reply to Miro Hrončok from comment #2)
> One of our students was just hit by this at a Fedora 29 workstation.
>
> He run:
>
> $ sudo usermod -a -G dialout username
>
> And got:
>
> (Wed Dec 19 11:58:00:558187 2018) [sss_cache] [confdb_get_domains] (0x0010):
> No domains configured, fatal error!
>
> Could not open available domains
>
> usermod: sss_cache exited with status 2
>
> usermod: Failed to flush the sssd cache.
>
>
> I cannot reproduce it on my own machine or a virtual one.
>
> I've changed the component to shadow-utils, so the maintainers are aware as
> well.

shadow-utils only execs sss_cache, so sssd is the proper component. But for
some reason (BZ upgrade?) I can't reassign the bug back.

--- Additional comment from Sumit Bose on 2018-12-19 11:43:15 UTC ---

Here you are, clicking the Component and hitting backspace worked for me.

--- Additional comment from Tomas Mraz on 2018-12-19 13:00:50 UTC ---

Perhaps the sss_cache should be silent by default on such errors?

--- Additional comment from Jakub Hrozek on 2018-12-19 13:27:10 UTC ---

(In reply to Tomas Mraz from comment #5)
> Perhaps the sss_cache should be silent by default on such errors?

Yes and the errors should not be produced IMO (IOW, no domains should be just a
no-op).

Also, I'm not sure how a no-domains error happens, there should always be at
least the implicit files domain.

Metadata Update from @thalman:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1661182

2 years ago

Metadata Update from @lslebodn:
- Issue assigned to lslebodn

2 years ago

Metadata Update from @lslebodn:
- Issue tagged with: PR

2 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @lslebodn:
- Custom field design_review adjusted to on
- Custom field mark adjusted to on
- Custom field patch adjusted to on
- Custom field review adjusted to on
- Custom field sensitive adjusted to on
- Custom field testsupdated adjusted to on
- Issue status updated to: Open (was: Closed)

2 years ago

Additional fixes:
* master:
* 159a231
* 2de3c5f
* sssd-1-16:
* 6c80847
* 3ec716b

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4904

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata