Bug 10034 - wbinfo -u should only operate on its own domain by default
Summary: wbinfo -u should only operate on its own domain by default
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.1.0rc1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact: Samba QA Contact
Depends on:
Reported: 2013-07-18 07:12 UTC by Andreas Schneider
Modified: 2016-07-31 02:37 UTC (History)
0 users

See Also:

v4-1-test patch (4.53 KB, patch)
2013-07-18 10:15 UTC, Andreas Schneider
asn: review? (gd)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2013-07-18 07:12:10 UTC
By default wbinfo -u|-g should only enumerate the domain winbindd is
joined to. The command can be harmfull if you have e.g. 30 domains and
700k users. Then the parent will collect all information and the
oom-killer will kill winbind. As we still want to support it, you can
enable it the old behaviour with wbinfo --domain='*' -u. This is
a measure that sysadmins don't shoot themself.
Comment 1 Andreas Schneider 2013-07-18 10:15:08 UTC
Created attachment 9059 [details]
v4-1-test patch
Comment 2 Andreas Schneider 2013-07-18 10:51:38 UTC
Karolin, could you please add the text also to the WHATSNEW file?

There is a change in behaviour of the commands 'wbinfo -u' and 'wbinfo -g'. By default the enumerate all users on all trusted domains which can lead to out of memory condition on large installations. Therefore we change the default to enumerate only over the own domain (the domain winbind is joined too). We still  support the old behaviour, you can enable it with:

wbinfo --domain='*' -u
Comment 3 Andrew Bartlett 2016-07-31 02:37:36 UTC
Fixed in Samba 4.2 with 33bce26fcf2e82b9c381eeb32e1d731d3965e22f

(This never got the required review for inclusion into 4.1 while that was still in maintenance)