[Bug 1954997] [NEW] non-root users can't query LDAP via nslcd starting in 21.04
Aren Sandersen
1954997 at bugs.launchpad.net
Thu Dec 16 04:58:45 UTC 2021
Public bug reported:
The core issue is that /var/run/nslcd is created with 750, not 755.
nslcd.postinst creates /var/run/nslcd via adduser:
    adduser --system --group --home /var/run/nslcd/ \
        --gecos "nslcd name service LDAP connection daemon" \
        nslcd
New in Ubuntu 21.04 is that HOME_MODE=750 is in login.defs. Now the
permissions assigned to the /var/run/nslcd directory make it so non-root
users can't communicate with nslcd via /var/run/nslcd/socket (so they
can't run "getent passwd" and get any results from LDAP, for example).
See: https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734
** Affects: nss-pam-ldapd (Ubuntu)
Importance: Undecided
Status: New
** Package changed: adduser (Ubuntu) => nss-pam-ldapd (Ubuntu)
https://bugs.launchpad.net/bugs/1954997
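A check for the condition described in this report, as an added example that is not part of the original bug report or of the nss-pam-ldapd package: it lists every directory on the way to a socket that lacks the "other" execute (search) bit, and reads HOME_MODE from login.defs. The function names are hypothetical and GNU stat (coreutils, as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.
# Assumes GNU stat (coreutils), as on Ubuntu.

# other_can_traverse DIR -> exit 0 if "other" has the execute (search) bit on DIR
other_can_traverse() {
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 2
    other=${mode#"${mode%?}"}        # last octal digit = "other" permissions
    [ $((other & 1)) -eq 1 ]
}

# blocking_dirs SOCKET_PATH -> prints each existing ancestor directory of
# SOCKET_PATH that users outside the owner and group cannot traverse.
# A 750 directory above the socket is enough to make connect() fail with
# EACCES for those users, whatever the mode of the socket itself.
blocking_dirs() {
    dir=$(dirname "$1")
    while :; do
        if [ -d "$dir" ] && ! other_can_traverse "$dir"; then
            printf '%s\n' "$dir"
        fi
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
}

# home_mode [FILE] -> prints the HOME_MODE value set in login.defs, if any.
# Commented-out lines are ignored because their first field starts with "#".
home_mode() {
    awk '$1 == "HOME_MODE" { v = $2 } END { if (v != "") print v }' \
        "${1:-/etc/login.defs}"
}

# Stand-alone use: pass the socket path, e.g. /var/run/nslcd/socket
if [ "$#" -gt 0 ]; then
    echo "HOME_MODE in login.defs: $(home_mode)"
    echo "Directories without o+x on the way to $1:"
    blocking_dirs "$1"
fi
```

An empty list from `blocking_dirs` means no directory on the path denies search access to other users; on an affected system the nslcd directory itself is expected to appear.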