On Thu, Apr 16, 2015 at 01:42:52PM +0000, Joseph, Matthew (EXP) wrote:
> Hey Jakub,
> 
> Getent passwd returns all of the IPA users when searching either the username 
> or UID.
> Yes, I know that permissions are defined by UID/GID; I used a new UID that has 
> not been previously used for this new account for this test.
> 
> Good to know, I disabled the nscd service.
> 
> Here is the output of the strace for chown on a directory.
> 
> execve("/bin/chown", ["chown", "wpooh", "/home/wpooh"], [/* 32 vars */]) = 0
> brk(0)                                  = 0x1095000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7f5f4b698000
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or 
> directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3)                                = 0
> open("/lib64/libc.so.6", O_RDONLY)      = 3
> read(3, 
> "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\341\0044\0\0\0"..., 
> 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=1918016, ...}) = 0
> mmap(0x3404e00000, 3741864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 
> 3, 0) = 0x3404e00000
> mprotect(0x3404f89000, 2093056, PROT_NONE) = 0
> mmap(0x3405188000, 20480, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x188000) = 0x3405188000
> mmap(0x340518d000, 18600, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x340518d000
> close(3)                                = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7f5f4b674000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7f5f4b673000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7f5f4b672000
> arch_prctl(ARCH_SET_FS, 0x7f5f4b673700) = 0
> mprotect(0x3405188000, 16384, PROT_READ) = 0
> mprotect(0x340481f000, 4096, PROT_READ) = 0
> munmap(0x7f5f4b675000, 142486)          = 0
> brk(0)                                  = 0x1095000
> brk(0x10b6000)                          = 0x10b6000
> open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
> mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f457e1000
> close(3)                                = 0
> socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT 
> (No such file or directory)
> close(3)                                = 0
> socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT 
> (No such file or directory)
> close(3)                                = 0
> open("/etc/nsswitch.conf", O_RDONLY)    = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=1734, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7f5f4b697000
> read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1734
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0x7f5f4b697000, 4096)            = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3)                                = 0
> open("/lib64/libnss_files.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 
> 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
> mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
> 0x7f5f455d3000
> mprotect(0x7f5f455df000, 2097152, PROT_NONE) = 0
> mmap(0x7f5f457df000, 8192, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f5f457df000
> close(3)                                = 0
> mprotect(0x7f5f457df000, 4096, PROT_READ) = 0
> munmap(0x7f5f4b675000, 142486)          = 0
> open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
> fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
> fstat(3, {st_mode=S_IFREG|0644, st_size=3404, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7f5f4b697000
> read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3404
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0x7f5f4b697000, 4096)            = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3)                                = 0
> open("/lib64/libnss_ldap.so.2", O_RDONLY) = 3
> read(3, 
> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\25\0\0\0\0\0\0"..., 832) = 
> 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=44328, ...}) = 0
> mmap(NULL, 2139496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
> 0x7f5f453c8000
> mprotect(0x7f5f453d3000, 2093056, PROT_NONE) = 0
> mmap(0x7f5f455d2000, 4096, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f5f455d2000
> close(3)                                = 0
> munmap(0x7f5f4b675000, 142486)          = 0
> socket(PF_FILE, SOCK_STREAM, 0)         = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = -1 
> ENOENT (No such file or directory)
> close(3)                                = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
> mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
> close(3)                                = 0
> open("/lib64/libnss_sss.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \22\0\0\0\0\0\0"..., 
> 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=23792, ...}) = 0
> mmap(NULL, 2119312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
> 0x7f5f451c2000
> mprotect(0x7f5f451c8000, 2093056, PROT_NONE) = 0
> mmap(0x7f5f453c7000, 4096, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f5f453c7000
> close(3)                                = 0
> munmap(0x7f5f4b675000, 142486)          = 0
> getpid()                                = 20913
> fstat(-1, 0x7fff2d84dca0)               = -1 EBADF (Bad file descriptor)
> socket(PF_FILE, SOCK_STREAM, 0)         = 3
> fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
> fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
> fcntl(3, F_GETFD)                       = 0
> fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
> connect(3, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
> fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\1\0\0\0", 4)                 = 4
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\1\0\0\0", 4)                  = 4
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "\26\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
> write(3, "wpooh\0", 6)                  = 6
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "J\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
> read(3, "\1\0\0\0\0\0\0\0(\n\0\0\320\7\0\0wpooh\0*\0Winnie P"..., 58) = 58
> newfstatat(AT_FDCWD, "/home/wpooh", {st_mode=S_IFDIR|S_ISUID|S_ISGID|0700, 
> st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
> fchownat(AT_FDCWD, "/home/wpooh", 2600, 4294967295, 0) = -1 EINVAL (Invalid 
> argument)

So fchownat is called with UID 2600, GID 4294967295 and flags 0 and
returns EINVAL. The fchownat() manpage says that EINVAL is returned when
"Invalid flag specified in flags". 0 is certainly a valid flag, so I
assume it must be something else (the manpage also says that "Depending
on the filesystem, errors other than those listed below can be
returned.")

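What UID and GID does the user have? The GID seems suspicious to me,
it's 2^32 - 1 (i.e. (gid_t) -1), which shouldn't happen for a real group.
Note, though, that chown(2) treats an ID of -1 as "leave this ID
unchanged", and the command above names only an owner, so this value may
just mean the group is not being changed.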

Does the same error happen with all files (i.e. touch /tmp/somefile, chown
/tmp/somefile)?
