Bug 55268 – don't reset users/user primary group when current primary group cannot be read (due to ACLs or replication)

Bug 55268 - don't reset users/user primary group when current primary group cannot be read (due to ACLs or replication)


Summary:	don't reset users/user primary group when current primary group cannot be rea...

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	UMC - Users
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:	42080
Blocks:	54623
	Show dependency tree / graph

Reported:	2022-10-14 15:43 CEST by Florian Best
Modified:	2022-10-14 16:14 CEST (History)
CC List:	6 users (show)

See Also:	51771 52835
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:	0.114
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Cleanup, Debt Technical, Error handling
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2022-10-14 15:43:23 CEST

Since Bug #42080 the primary group of users/user is reset (during modification of an object, instead of during open()) to the default (cn=Domain Users) when a user has not the ACL's to read his primary group or if the primary group is not yet replicated to that server.

We should remove that unsafe behavior. Please read the discussions in Bug #42080 carefully for some possible side effects this has.

+++ This bug was initially created as a clone of Bug #42080 +++