The nightly test test_sssd.py::TestNestedMembers::test_nested_group_members is failing on fedora 40+.
test_sssd.py::TestNestedMembers::test_nested_group_members
See PR #3783 with the logs and report:
cmd = ['ssh', '-i', '/tmp/user_ssh_priv_key', '-q', '{}@{}'.format(self.username, client.hostname), 'groups'] > cmd_output = master.run_command(cmd) test_integration/test_sssd.py:678: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <ipatests.pytest_ipa.integration.host.Host master.ipa.test (master)> argv = ['ssh', '-i', '/tmp/user_ssh_priv_key', '-q', 'testuser001@client0.ipa.test', 'groups'] set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0 def run_command(self, argv, set_env=True, stdin_text=None, log_stdout=True, raiseonerr=True, cwd=None, bg=False, encoding='utf-8', ok_returncode=0): """Wrapper around run_command to log stderr on raiseonerr=True :param ok_returncode: return code considered to be correct, you can pass an integer or sequence of integers """ result = super().run_command( argv, set_env=set_env, stdin_text=stdin_text, log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg, encoding=encoding ) # in FIPS mode SSH may print noise to stderr, remove the string # "FIPS mode initialized" + optional newline. result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes) try: result_ok = result.returncode in ok_returncode except TypeError: result_ok = result.returncode == ok_returncode if not result_ok and raiseonerr: result.log.error('stderr: %s', result.stderr_text) > raise subprocess.CalledProcessError( result.returncode, argv, result.stdout_text, result.stderr_text ) E subprocess.CalledProcessError: Command '['ssh', '-i', '/tmp/user_ssh_priv_key', '-q', 'testuser001@client0.ipa.test', 'groups']' returned non-zero exit status 255. pytest_ipa/integration/host.py:202: CalledProcessError
Test scenario: - install IPA server and client - generate a ssh key pair for the user testuser - add the user to groupa, which is include in groupb, which is included in groupc - ssh from master to client using the private key and perform "groups" command
ssh is failing. The issue is related to the permissions set on "/" directory on the client. We can see in the client's journal:
Jun 26 14:37:17 client0.ipa.test sshd[20596]: error: Unsafe AuthorizedKeysCommand "/usr/bin/sss_ssh_authorizedkeys": bad ownership or modes for directory /
The f40 image used for the test has wrong file permissions set on /:
# ls -ld / drwxrwxr-x. 1 root root 242 Jun 14 09:41 /
Reported the following issue in cloud-sig: ticket#429 Wrong permissions on / for Fedora-Cloud-Base-Vagrant-libvirt f40 image
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7408
master:
ipa-4-12:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.