Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unix usernames not resolving in old env for centrify user accounts #84

Open
nrcfieldsa opened this issue Aug 24, 2022 · 1 comment
Open

Unix usernames not resolving in old env for centrify user accounts #84

nrcfieldsa opened this issue Aug 24, 2022 · 1 comment

Comments

@nrcfieldsa
Copy link

nrcfieldsa commented Aug 24, 2022
edited
Loading

Users may experience numeric user id only when in the old Compute Canada environment, due to a configuration issue.

When loading modules nixpkgs/16.09 or StdEnv/2018.3 from CVMFS on trixie and then attempting to resolve user names found in the RES domain through Centrify: users are unable to use string usernames vs. numeric user ID format, due to NSS unable to dynamically load a specific library libnss_centrifydc.so.2. Local user accounts in passwd file display OK.

Users can still start their jobs and the unix permissions/ownership works for the numeric Unix ID they are logged in as; however commands such as chown/chmod/id and ls -l will not resolve the usernames properly.

Symptoms:

[fieldsa@trixie-hn1 ~]$ module load StdEnv/2018.3
[fieldsa@trixie-hn1 ~]$ mkdir test
[fieldsa@trixie-hn1 ~]$ ls -ltr|tail -1
drwxrwxr-x  15 8966466 8966466     16384 Aug  20 16:19 test
[fieldsa@trixie-hn1 ~]$ chown fieldsa test
chown: invalid user: 'fieldsa'
[fieldsa@trixie-hn1 ~]$ id
uid=8966466 gid=8966466 groups=8966466,...
[fieldsa@trixie-hn1 ~]$ id fieldsa
id: ‘fieldsa’: no such user
[fieldsa@trixie-hn1 ~]$ whoami
whoami: cannot find name for user ID 8966466: No such file or directory
# note - user ID s/// for this ticket

Work-around:

Switch to StdEnv/2020 which is the new default CC environment on trixie at this time.

If launching jobs which make use of older environment use /bin/ls and the system commands (found under /bin:/usr/bin), instead of those provided in the default PATH pointing to CC CVMFS paths.

Root cause:

Library used for supporting centrify is not located in the CVMFS path - except for the most recent StdEnv/2020.

[fieldsa@trixie-hn1 ~]$ ls -l /cvmfs/soft.computecanada.ca/gentoo/{2018.3,2019,2020}/lib64/libnss_centrifydc.so*
ls: cannot access '/cvmfs/soft.computecanada.ca/gentoo/2018.3/lib64/libnss_centrifydc.so*': No such file or directory
ls: cannot access '/cvmfs/soft.computecanada.ca/gentoo/2019/lib64/libnss_centrifydc.so*': No such file or directory
lrwxrwxrwx 1 cvmfs cvmfs 29 Sep  9  2020 /cvmfs/soft.computecanada.ca/gentoo/2020/lib64/libnss_centrifydc.so.2 -> /lib64/libnss_centrifydc.so.2

Something has put this symlink in place and is not in effect for other CC CVMFS environments, so the CVMFS binaries cannot resolve the Centrify user accounts.
@joeydumont
Copy link

joeydumont commented Aug 24, 2022
edited
Loading

Hey Allan, I had originally worked with the Compute Canada folks to get this resolved. They had added the symlink in the StdEnv/2020 Gentoo layer only, at it was, even then, the only supported environment going forward, see ComputeCanada/software-stack#40.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joeydumont @nrcfieldsa