#9615 Nightly test failure (f40+) in test_sssd.py::TestNestedMembers::test_nested_group_members
Closed: fixed 6 months ago by frenaud. Opened 7 months ago by frenaud.

Issue

The nightly test test_sssd.py::TestNestedMembers::test_nested_group_members is failing on fedora 40+.

See PR #3783 with the logs and report:

        cmd = ['ssh', '-i', '/tmp/user_ssh_priv_key',
               '-q', '{}@{}'.format(self.username, client.hostname),
               'groups']
>       cmd_output = master.run_command(cmd)

test_integration/test_sssd.py:678: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <ipatests.pytest_ipa.integration.host.Host master.ipa.test (master)>
argv = ['ssh', '-i', '/tmp/user_ssh_priv_key', '-q', 'testuser001@client0.ipa.test', 'groups']
set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True
cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0

    def run_command(self, argv, set_env=True, stdin_text=None,
                    log_stdout=True, raiseonerr=True,
                    cwd=None, bg=False, encoding='utf-8', ok_returncode=0):
        """Wrapper around run_command to log stderr on raiseonerr=True

        :param ok_returncode: return code considered to be correct,
                              you can pass an integer or sequence of integers
        """
        result = super().run_command(
            argv, set_env=set_env, stdin_text=stdin_text,
            log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg,
            encoding=encoding
        )
        # in FIPS mode SSH may print noise to stderr, remove the string
        # "FIPS mode initialized" + optional newline.
        result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes)
        try:
            result_ok = result.returncode in ok_returncode
        except TypeError:
            result_ok = result.returncode == ok_returncode
        if not result_ok and raiseonerr:
            result.log.error('stderr: %s', result.stderr_text)
>           raise subprocess.CalledProcessError(
                result.returncode, argv,
                result.stdout_text, result.stderr_text
            )
E           subprocess.CalledProcessError: Command '['ssh', '-i', '/tmp/user_ssh_priv_key', '-q', 'testuser001@client0.ipa.test', 'groups']' returned non-zero exit status 255.

pytest_ipa/integration/host.py:202: CalledProcessError

Test scenario:
- install IPA server and client
- generate a ssh key pair for the user testuser
- add the user to groupa, which is include in groupb, which is included in groupc
- ssh from master to client using the private key and perform "groups" command

ssh is failing. The issue is related to the permissions set on "/" directory on the client. We can see in the client's journal:

Jun 26 14:37:17 client0.ipa.test sshd[20596]: error: Unsafe AuthorizedKeysCommand "/usr/bin/sss_ssh_authorizedkeys": bad ownership or modes for directory /

The f40 image used for the test has wrong file permissions set on /:

# ls -ld /
drwxrwxr-x. 1 root root 242 Jun 14 09:41 /

Reported the following issue in cloud-sig:
ticket#429 Wrong permissions on / for Fedora-Cloud-Base-Vagrant-libvirt f40 image


Metadata Update from @frenaud:
- Issue assigned to frenaud

7 months ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7408

7 months ago

master:

  • 5800360 ipatests: fix / permissions for test_nested_group_members

ipa-4-12:

  • 48ff7da ipatests: fix / permissions for test_nested_group_members

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 months ago

Log in to comment on this ticket.

Metadata