[Rpm-maint] rpm --chroot and glibc/nscd

Michael Schroeder mls at suse.de
Thu May 12 16:17:24 UTC 2011

Hi folks,

we had lots of trouble with rpm's user and group handling in
our kiwi system (which creates bootable ISOs). kiwi uses
rpm --root to install the selected rpms into a directory,
somehow we sometimes got wrong userids and groupids for

It turns out the glibc and nscd are to blame. There seems
to be no way to tell glibc to stop using nscd if it created
a connection for some lookup. rpm always does lookups on
startup, it has to get the home directory of the caller for

Even if nscd is not started glibc's nss functions also cache
their setting, so if you use some exotic nss module for
authentification, it'll still be used after the chroot().

At some point I basically gave up and wrote the attached
patch. It changes rpmugUid/rpmugGid to do the lookup
itself if a chroot() was done. I know it is a bit of a hack,
but I have not found another way.

The patch also
- fixes the cache usage. lastUnameLen/lastGnameLen were never
  set, so the code *always* did a getpwuid/gid call!
- renames lastU/GnameLen to lastU/GnameAlloced in
  rpmugU/Gname, so that it is consistent with the
  rpmugU/Gid function.

Even if you do not want the safe_lookup() part, having a
rpmugChroot() function that calls endpwent()/endgrent() and
drops the local caches if a chroot is done seems like a
good idea.


Michael Schroeder                                   mls at suse.de
SUSE LINUX Products GmbH,  GF Jeff Hawn, HRB 16746 AG Nuernberg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: safeugid.diff
Type: text/x-patch
Size: 5555 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20110512/b869405b/attachment.bin>

More information about the Rpm-maint mailing list