[lxc-users] Wierd issue with high userID's
Christian Tardif
christian.tardif at servinfo.ca
Tue Nov 8 03:00:48 UTC 2016
Hi,
I just faced a strange issue with LXD containers. I'm using them quite
extensively, but never faced that before. Normally, the userID that are
presented to the container (they're coming from SSSD with
ActiveDirectory backend) are relatively low... 2000, 3000, that kind
of ID's
Last friday, at the office, I built two containers (Ubuntu 16.04, CentOS
7.1) with the same kind of configuration regarding authentication; SSSD.
And I notice that I wasn't able to log in via SSH. But one of my
colleague was able to. We re-checke the config, just to make sure (but
at the same time, it was impossible for this config to fail, as it is
presented to the servers via Puppet. So the same config, and on the same
OS level as other installs (we have numerous Ubuntu 16.04 with the same
config, but the first one on LXD containers).
We were trying to find out what piece was missing when we discover that
this is not just the logging that fails, but everything related to these
high UserID's. They are coming from a calculation based on Windows SID's
for the user, which gives a huge range of userID's, from a few thousands
to tens, if not hundreds thousands. So with my user, I can't set a
permission with it, and I can't login.In fact, I don't exist with this
user other than using "getent passwd", or "id".
What can be the cause? Something to do with namespaces, maybe? cgroups?
We'ew in the dark. And until we can solve this, LXD containers aren't
that helpful to us, unfortunately.
--------------------------------------------------------------------------------
Christian Tardif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20161108/09e2122a/attachment.html>
More information about the lxc-users
mailing list