[#660] Rebuild nss_passwd / nss_groups / nss_usergroups

Description

Summary:

Detailed description

I find several projects in my 5.1 (and upgraded 5.3) installation where I need to add/remove users from a project to properly rebuild then nssgroups or nssusergroups tables.

Examples: - missing group in nss_groups while it's active and uses SCM - missing entry for site admin in private projects

So I'm in need of a script to properly rebuild these tables.

General Information
Submitted by:
Sylvain Beucler
Date Submitted: 2014-04-22 09:13
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Date Closed: 2015-05-12 13:50
Permalink: https://fusionforge.org/tracker/a_follow.php/660
Actions
Monitor
Votes: 0/1 (0%)
Internal Fields
Data Type: Feature requests
Assigned to: Nobody (None)
State: Closed
Priority: 3
Extra Fields
Resolution:
none
Difficulty:
none
Target release:
6.0
Follow-up tabs
Message  ↓
Date: 2015-05-12 13:50
Sender: Sylvain Beucler

Closing for now. Rebuilding nsspasswd and nssgroup not necessary.

Date: 2015-04-03 12:24
Sender: Sylvain Beucler

nss_usergroups regen implemented. ed8fa7c4995e35afc7bdb51a27fda1a12b0e0f10

Not sure we need to regen nsspasswd and nssgroup right now.

Date: 2015-03-17 15:19
Sender: Sylvain Beucler

New nss-usergroups.sql version - aimed at regenerating the table rather than convert it as a view - assumes project group membership mean read-only access - fixes projname/scm_projname duplicates

See http://lists.fusionforge.org/pipermail/fusionforge-general/2015-March/002847.html for discussion.

Date: 2015-03-16 17:42
Sender: Sylvain Beucler

Cf. [#760] for "Agreed on IRC meeting today about moving to a single default group for all users", which is required to implement this.

Date: 2014-09-12 14:15
Sender: Sylvain Beucler

Additional info: - "The nss response time is < 2s for InriaForge and then gets cached, which mean we can use it directly as a view." => actually the response time is not consistent and is rather between 1.5s and 4.5s. Four seconds being too annoying for users, let's not use a view, unless we can optimize this some more. - If we don't use a view, we can rebuild the table on a regular basis. The cron would take < 5s :) - Agreed on IRC meeting today about moving to a single default group for all users. - I see that homedirs.php already set the homedirs group owner to "users".

Date: 2014-09-11 10:13
Sender: Sylvain Beucler

You're right.

Date: 2014-09-10 16:25
Sender: Franck Villaume

my first look at the sql pointed me to : "DELETE FROM nssgroups WHERE groupid=0;"

I assume we need to delete the following php code too: extract from ~/common/include/system/pgsql.class.php in function sysCreateUser:

        $res3 = db_query_params ('INSERT INTO nss_groups
                (user_id, group_id,name, gid)
                SELECT user_id, 0, user_name, unix_gid
                FROM users WHERE user_id=$1',
                     array ($user_id));

am I right?

Date: 2014-09-04 13:04
Sender: Sylvain Beucler

New version of nssusergroups.sql (uses nssgroups instead of groups for proper unix gid)

The nss response time is < 2s for InriaForge and then gets cached, which mean we can use it directly as a view. No more maintenance and desync of nss_usergroups - it's directly mapped to the reference data!

Annoyingly nss_groups is currently buggy: it allows duplicate groups, when a group and a user (default group) have the same name. This breaks the JOINs.

To fix this we need to remove the user default group, e.g. replace it with a global "forge_users" group. What do you think?

Date: 2014-05-13 17:33
Sender: Sylvain Beucler

src/utils/syncunixgroup.php does rebuild part of nss_usergroups, but doesn't take RBAC into account.

Attached is a pure-SQL reimplementation attempt to rebuild nss_usergroups.

Attachments:
Size Name Date By Download
2 KiBnss_usergroups.sql2014-05-13 17:33
Sylvain Beucler
nss_usergroups.sql
2 KiBnss_usergroups.sql2014-09-04 13:10
Sylvain Beucler
nss_usergroups.sql
2 KiBnss_usergroups.sql2015-03-17 15:19
Sylvain Beucler
nss_usergroups.sql

No related commits.

Field Old Value Date By
status_idOpen2015-05-12 13:50
Sylvain Beucler
close_dateNone2015-05-12 13:50
Sylvain Beucler
File Added497: nss_usergroups.sql2015-03-17 15:19
Sylvain Beucler
File Added495: nss_usergroups.sql2014-09-04 13:10
Sylvain Beucler
File Deleted494: nss_usergroups.sql2014-09-04 13:10
Sylvain Beucler
File Added494: nss_usergroups.sql2014-09-04 13:04
Sylvain Beucler
File Added416: nss_usergroups.sql2014-05-13 17:33
Sylvain Beucler

No relations found.