[Bug 27520] Re: cron daemon caches user-non-existent lookup results, causing "ORPHAN" message and skipping jobs for all LDAP/NIS-defined users

Harald Hannelius 27520 at bugs.launchpad.net
Thu Feb 11 20:18:58 UTC 2021 

I noticed this error on Ubuntu 20.10. Local OpenLDAP, nslcd and a LDAP-
user's cron-jobs aren't run because the log says orphaned.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cron in Ubuntu.
https://bugs.launchpad.net/bugs/27520

Title:
  cron daemon caches user-non-existent lookup results, causing "ORPHAN"
  message and skipping jobs for all LDAP/NIS-defined users

Status in cron package in Ubuntu:
  Fix Released
Status in cron source package in Lucid:
  Fix Released
Status in cron source package in Maverick:
  Won't Fix
Status in cron source package in Natty:
  Won't Fix
Status in cron package in Debian:
  Fix Released

Bug description:
  == SRU Justification ==

  * Impact: users being defined on remote user databases such as LDAP
  will not be able to access to their cron jobs and these will be marked
  as orphaned unless cron is restarted. The impact is severe for users
  relying on cron and using LDAP.

  * Fix:
    The fix was implemented in Fedora's cronie. It implements a list orphan which allows to describe jobs as being orphaned or not depending on whether the owner is found or not.

  * Test case: 
    How to reproduce:
       1. Setup an LDAP remote directory and add a user to test.
       2. Create a crontab for this user with some jobs.
       3. When a reboot happens, this user will have its jobs orphaned.
    Expected results:
       - the cron table is read and jobs are to be executed when required.
    Actual results:
       - the cron table / jobs are marked as orphaned.

  * Regression potential: very minimal, the fix only adds a list adding
  a new description to the jobs, these are described as orphans and are
  checked when necessary.

  * Original bug description:

  We had a server which was happily running Hoary. It authenticated to our AD2003
  domain using winbind, and winbind was in the nsswitch.conf. However, after
  upgrading to Breezy, cron no longer works properly, in that it doesn't respect
  accounts from winbind as being valid accounts. My logs are filling up with
  messages like:

  Dec 22 09:52:01 thorin /usr/sbin/cron[28207]: (user1) ORPHAN (no passwd entry)
  Dec 22 09:52:01 thorin /usr/sbin/cron[28207]: (user2) ORPHAN (no passwd entry)
  Dec 22 09:55:01 thorin /usr/sbin/cron[28207]: (user3) ORPHAN (no passwd entry)
  Dec 22 09:55:01 thorin /usr/sbin/cron[28207]: (user4) ORPHAN (no passwd entry)

  If you do "id user1", their information shows up perfectly fine, so it seems
  like cron has been changed to not respect this source of information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cron/+bug/27520/+subscriptions

More information about the foundations-bugs mailing list