Bug 50729 - false positives in univention-system-check
Status: NEW
Product: UCS
Classification: Unclassified
Component: Sysinfo
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
http://updates.software-univention.de...
Reported: 2020-01-21 09:48 CET by Dirk Ahrnke
Modified: 2020-01-21 22:23 CET (History)
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Description Dirk Ahrnke univentionstaff 2020-01-21 09:48:56 CET
1. from samba/check_samba_processes.sh

        samba_processes="$(pidof -c /usr/sbin/samba | wc -w)"
        min_samba_processes=12
        if [ "${#samba_processes[@]}" -lt "$min_samba_processes" ]; then
                echo "WARNING: Total number of /usr/sbin/samba processes lower than $min_samba_processes"
                echo "This might be ok when the Samba release is newer than this check tool."

As "samba_processes" already has the number of processes, the array in the comparison is "1", which causes the warning.


2. from samba/cn_system_exists_only_once.sh 

IMPACT="windows join may fail if multiple cn=system, cn=configuration containers exists"
if [ -x "$(which univention-s4search)" ]; then
        if [ ! 1 -eq $(univention-s4search cn=system| grep -i "cn: System$" | wc -l) ]; then
                exit 1
        fi
fi


This may also trigger an error if a user account named "System" exists.
Comment 1 Arvid Requate univentionstaff 2020-01-21 21:27:11 CET
The first point is a good catch, thanks!


The second point seems odd to me because Samba failed in the past if a search for "cn=system" would return anything else but exactly one match. So, yes, it would not be possible to have a user account with cn=system. Maybe Samba improved its internal search filters in the meantime; we could check this when fixing the first point and create a separate bug to remove the cn=system check in case this limitation is not necessary any longer.
Comment 2 Arvid Requate univentionstaff 2020-01-21 21:27:27 CET
The first point is a good catch, thanks!


The second point seems odd to me because Samba failed in the past if a search for "cn=system" would return anything else but exactly one match. So, yes, it would not be possible to have a user account with cn=system. Maybe Samba improved its internal search filters in the meantime; we could check this when fixing the first point and create a separate bug to remove the cn=system check in case this limitation is not necessary any longer.
Comment 4 Dirk Ahrnke univentionstaff 2020-01-21 22:23:56 CET
OK, regarding case 2, it is obviously not possible anymore to create a user named "system" with the most current version of UCS. However, the account exists in a customer's environment which was installed in 2012. I will give the advice to the customer to think about the usage of this account.
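
Point 1 of the description, as an added example that is not part of the bug report or the UCS code: the comparison from check_samba_processes.sh next to a corrected form, run over a few process counts. The function names and the sample counts are constructed for this example; the original comparison is run through `bash -c` because `${#var[@]}` is a bash expansion.

```shell
#!/bin/sh
# Added example (not the project's code): the process-count comparison
# from check_samba_processes.sh, before and after.
MIN_SAMBA_PROCESSES=12   # threshold quoted in the report

# Original comparison. For a scalar variable, ${#var[@]} expands to the
# number of array elements, which is always 1, never the stored value.
buggy_is_too_low() {
    bash -c '
        samba_processes="$1"
        [ "${#samba_processes[@]}" -lt "$2" ]
    ' _ "$1" "$MIN_SAMBA_PROCESSES"
}

# Corrected comparison: test the number itself and reject anything that
# is not a non-negative integer (return code 2) instead of guessing.
fixed_is_too_low() {
    case "$1" in
        ''|*[!0-9]*) echo "not a process count: '$1'" >&2; return 2 ;;
    esac
    [ "$1" -lt "$MIN_SAMBA_PROCESSES" ]
}

# Hypothetical wrapper: counts live processes the same way the original
# script does. Not called below, so the example runs without Samba.
count_samba_processes() {
    pidof -c /usr/sbin/samba | wc -w | tr -d ' '
}

# Constructed sample counts; prints what each variant decides.
compare_variants() {
    for n in 0 5 12 20; do
        buggy_is_too_low "$n" && b=WARNING || b=ok
        fixed_is_too_low "$n" && f=WARNING || f=ok
        echo "count=$n buggy=$b fixed=$f"
    done
}

compare_variants
```

On a live system, `fixed_is_too_low "$(count_samba_processes)"` replaces the original `if` condition.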