Bug #3403
closed
PrivilegeHelper unit tests fail on Fedora/CentOS due to missing group "nogroup"
Added by susmit shannigrahi over 8 years ago.
Updated over 5 years ago.
Description
Fedora and CentOS don't have "nogroup" by default. They use "nobody" user and "nobody" group.
Running 57 test cases...
../tests/core/privilege-helper.t.cpp(45): error in "DropRaise": exception thrown by PrivilegeHelper::initialize("nobody", "nogroup")
1452288247.361558 INFO: [PrivilegeHelper] dropped to effective uid=0 gid=0
../tests/core/privilege-helper.t.cpp(49): error in "DropRaise": check ::geteuid() != 0 failed [0 == 0]
1452288247.361627 INFO: [PrivilegeHelper] elevated to effective uid=0 gid=0
1452288247.361674 INFO: [PrivilegeHelper] dropped to effective uid=0 gid=0
1452288247.361716 INFO: [PrivilegeHelper] elevated to effective uid=0 gid=0
1452288247.361758 INFO: [PrivilegeHelper] dropped to effective uid=0 gid=0
../tests/core/privilege-helper.t.cpp(56): error in "DropRaise": check ::geteuid() != 0 failed [0 == 0]
1452288247.361812 INFO: [PrivilegeHelper] elevated to effective uid=0 gid=0
1452288248.050340 INFO: [VersionTest] NFD_VERSION 4000
1452288248.050605 INFO: [VersionTest] NFD_VERSION_STRING 0.4.0
*** 3 failures detected in test suite "NFD Core Tests"
Is there equivalent for nouser/nogroup in Fedora?
Alex Afanasyev wrote:
Is there equivalent for nouser/nogroup in Fedora?
Yes, "nobody:nobody"
What about we change the places where we explicitly use user and group name with something that obtains a first available non-root user. For example, for group it would be
group nonRootGroup;
bool found = false;
char buffer[1024];
for (gid_t gid = 100; gid < 7000; ++gid) {
group* groupResult = nullptr;
if (getgrgid_r(gid, &nonRootGroup, buffer, 1024, &groupResult) == 0) {
if (groupResult != nullptr) {
std::cerr << "gid: " << gid << std::endl;
std::cout << nonRootGroup.gr_name << std::endl;
found = true;
}
}
}
- Subject changed from Privilege unit tests fail on Fedora due to missing nogroup to Privileged unit tests fail on Fedora due to missing nogroup
Alex Afanasyev wrote:
What about we change the places where we explicitly use user and group name with something that obtains a first available non-root user.
If this is just for the unit-tests, it should be fine.
- Category set to Core
- Estimated time set to 3.00 h
- Blocks Task #4610: Make CentOS 7 an official (CI-tested) platform added
- Subject changed from Privileged unit tests fail on Fedora due to missing nogroup to PrivilegeHelper unit tests fail on Fedora/CentOS due to missing nogroup
- Description updated (diff)
- Subject changed from PrivilegeHelper unit tests fail on Fedora/CentOS due to missing nogroup to PrivilegeHelper unit tests fail on Fedora/CentOS due to missing group "nogroup"
- Status changed from New to In Progress
- Assignee set to Davide Pesavento
- Target version set to v0.7
- Estimated time changed from 3.00 h to 1.00 h
- Status changed from In Progress to Code review
- % Done changed from 0 to 100
https://gerrit.named-data.net/c/NFD/+/4963
I've decided to use "daemon" both as user name and group name. It seems to be in more widespread use than nobody/nogroup. Debian, Ubuntu, RHEL and derivatives (including Fedora and CentOS), and macOS all have it by default.
- Status changed from Code review to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by