Bug 13817 - crontab does not work with nss_wrapper
Summary: crontab does not work with nss_wrapper
Alias: None
Product: cwrap
Classification: Unclassified
Component: library (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact:
Depends on:
Reported: 2019-03-01 14:47 UTC by CircleCode
Modified: 2019-03-04 10:35 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description CircleCode 2019-03-01 14:47:09 UTC
Tested on Debian GNU/Linux 9

> echo $LD_PRELOAD

> getent passwd

> id
uid=1000(www-data) gid=1000(www-data) groups=1000(www-data)

> crontab -l
crontab: your UID isn't in the passwd file.
bailing out.
Comment 1 Andreas Schneider 2019-03-02 09:35:49 UTC

could you please explain what you're trying to achieve?

nss_wrapper is a tool for testing. It looks like you try to 'misuse' for some other task. I guess that crontab opens /etc/passwd and checks if the uid really exists as a safety net.
Comment 2 CircleCode 2019-03-04 08:19:49 UTC
I try to build a docker image with apache and cron
(side note: the crontab command is only used to register tasks, crond daemon is replaced by [supercronic][1])

I'm experimenting with the use of the --ser option of docker run, allowing to run the process as any arbitrary user.
I picked the use of nss_wrapper from the [official postgres docker image][2].

If you consider nss_wrapper is not intended for this use, and that this is not a bug, feel free to reject it.
I was however surprised to see it working with a variety of tools, and not with the crontab command, hence my report.

[1]: https://github.com/aptible/supercronic
[2]: https://github.com/docker-library/postgres/blob/cc305ee1c59d93ac1808108edda6556b879374a4/10/docker-entrypoint.sh#L58-L66
Comment 3 Andreas Schneider 2019-03-04 10:35:07 UTC
Keep in mind nss_wrapper has been created for testing purposes. I'm not sure it is a good idea to mess around with it in docker images other than testing software :-)

However I guess your cron has implemented additional checks that a uid really exists in the passwd file and is not fake.

If you really want to get it working, you probably have to write and additional wrapper which wraps the open() or fopen() call and redirect access to /etc/passwd to the NSS_WRAPPER_PASSSWD file. It is a implementation detail of your cron nothing nss_wrapper can work around.

I'm closing this as WONTFIX as this is out of scope for nss_wrapper.