Ubuntu
udev package

40-permissions.rules includes non-existent groups

Bug #38203 reported by sjoh
104
Affects Status Importance Assigned to Milestone
udev (Ubuntu)
Fix Released
Low
Scott James Remnant (Canonical)
Nominated for Feisty by Jaakko Heinonen
upstart (Ubuntu)
Invalid
Undecided
Unassigned
Nominated for Feisty by Jaakko Heinonen

Bug Description

The file /etc/udev/rules.d/40-permissions. references two groups that do not exist in the server-install of dapper:
- scanner
- nvram

This came to my attention when I was setting up an LDAP server and libnss-ldap. During boot udev would try to resolve those group names via LDAP when the network was still down and spew errors:

Apr 4 06:25:09 gamma syslogd: nss_ldap: could not connect to any LDAP server [..cut..]

Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

Yeah, known, but so minorly trivial I decided not to do anything about it :)

Scott James Remnant (Canonical) (canonical-scott)
Changed in udev:
assignee: nobody → keybuk
status: Unconfirmed → Confirmed
Revision history for this message
Torsten Flammiger (flammiger) wrote : Re: [Bug 38203] Re: 40-permissions.rules includes non-existent groups

On 21:24 Do 05 Okt, Scott James Remnant wrote:
> ** Bug 64195 has been marked a duplicate of this bug
>
> --
> 40-permissions.rules includes non-existent groups
> https://launchpad.net/bugs/38203

maybe this bug has now more priority then LOW 'cause the
boot process now takes up to 2 and a half minute...

Revision history for this message
Markus Jonskog (omljud) wrote :

Yes, it's annoying. I'm not sure, but I think it's gotten worse lately. Was there an upgrade of libnss?
Well, I was able to tweak ldap timeouts by using hard to find settings in /etc/libnss-ldap.conf:
nss_reconnect_tries
nss_reconnect_sleeptime
nss_reconnect_maxsleeptime
nss_reconnect_maxconntries

Revision history for this message
Torsten Flammiger (flammiger) wrote :

hmm, if i would know which groups udev would like to look up it may be
a simple fix, wouldn't it?

Revision history for this message
Torsten Flammiger (flammiger) wrote :

Markus, forgot your Question: the latest Updates where/are applied and
in case of Edgy: yes - since applying the Update 2 days ago this little thing
lets me wait so long to start Edgy ;)

Revision history for this message
Michael Olson (mwolson) wrote :

This one also bit me. I thought I had set up LDAP incorrectly, because the timeout values seemed to be cycling (in retrospect, this is probably due to having more than one nonexistent group).

Revision history for this message
Michael Olson (mwolson) wrote :

It looks like this will be fixed once the sync mentioned in #63131:goes through.

Revision history for this message
Michael Olson (mwolson) wrote :

Ignore my comment about #63131 -- that was a red herring.

I do note that the scanner group was created already for me by the edgy live install CD, but not the nvram group. Commenting out the nvram entry in that file prevented the long timeout.

On a tangent: it looks like the "cycles" in timeout were actually due to putting "ldap" before the other entries in nsswitch.conf. Using the correct order (as is done in the example for this file in the libnss-ldap package) made the problem go away.

Revision history for this message
Torsten Flammiger (flammiger) wrote :

as matt mossholder wrote me:
just activating

# soft: return immediately on server failure
bind_policy soft

in /etc/libnss-ldap.conf
fixed the timeout problem

Revision history for this message
John Meuser (meuserj) wrote :

Torsten's config change definitely fixes the problem.

Revision history for this message
Niall Sheridan (niall) wrote :

No, it fixes the symptoms. The problem (referenced local groups are not present) still exists.

Revision history for this message
Matti Lindell (mlind) wrote :

This is probably related
https://launchpad.net/distros/ubuntu/+source/libnss-ldap/+bug/51315

Creating system group 'nvram' manually seems to work.

Revision history for this message
Duncan Lithgow (duncan-lithgow) wrote :

This problem is still in Feisty Herd 3.

Scott James Remnant (Canonical) (canonical-scott)
Changed in upstart:
status: Unconfirmed → Rejected
Revision history for this message
John Meuser (meuserj) wrote :

Still exists in Feisty Herd 5... this is an incredibly annoying bug for LDAP users....

Revision history for this message
Guenter (ubuntu-linux-stueck) wrote :

Still exists in Feisty Beta 1...please......

Scott James Remnant (Canonical) (canonical-scott)
Changed in udev:
status: Confirmed → In Progress
Scott James Remnant (Canonical) (canonical-scott)
Changed in udev:
status: In Progress → Fix Released
Revision history for this message
Niall Sheridan (niall) wrote :

Patch to udev-108 to remove references from rules.d/40-permissions.rules. Please apply this minorly trivial fix to udev.
Seriously, why has this bug been in this state for a year? If I'm making a change to several thousand machines so that they boot correctly, it leaves the realm of 'trivial to fix' and goes straight to 'upstream, please sort this out'.

Thanks
 - Niall

Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

Patch rejected, since a better patch is already in Ubuntu and this bug is already marked "Fix Released"

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.