From 8e714088296b9edfea628a1265bb5171394e1f87 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Fri, 28 Mar 2025 12:56:13 +0800 Subject: [PATCH] base-files: add gshadow entry in nsswitch.conf We encountered a newgrp regression in shadow 4.17.3: root@qemux86-64:~# groupadd g1 root@qemux86-64:~# useradd t1 root@qemux86-64:~# gpasswd g1 Changing the password for group g1 New Password: Re-enter new password: root@qemux86-64:~# sudo -u t1 newgrp g1 Password: Invalid password. root@qemux86-64:~# In versions prior to shadow 4.17.3, shadow used an internal implementation to support shadow group because it could not correctly detect whether glibc supports shadow group in a cross-compilation environment. In 4.17.3, it can correctly check whether glibc supports shadow group even in a cross-compilation environment[1]. If supported, shadow will use it instead of its own internal implementation. Shadow group support in glibc requires adding a gshadow entry in nsswitch.conf. After the patch: root@qemux86-64:~# groupadd g1 root@qemux86-64:~# useradd t1 root@qemux86-64:~# gpasswd g1 Changing the password for group g1 New Password: Re-enter new password: root@qemux86-64:~# sudo -u t1 newgrp g1 Password: t1@qemux86-64:/home/root$ [1] https://github.com/shadow-maint/shadow/commit/da6b9cff02d583ef169a0bc0c1014b19b5fad2fb (From OE-Core rev: 0cb122f17cf264ef904880351db1c0bb325fe5a6) Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- meta/recipes-core/base-files/base-files/nsswitch.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/base-files/base-files/nsswitch.conf b/meta/recipes-core/base-files/base-files/nsswitch.conf index 06f03d22a6..53279c12b7 100644 --- a/meta/recipes-core/base-files/base-files/nsswitch.conf +++ b/meta/recipes-core/base-files/base-files/nsswitch.conf @@ -7,6 +7,7 @@ passwd: compat group: compat shadow: compat +gshadow: files hosts: files dns networks: files