getent doesn't work properly

Brian Inglis Brian.Inglis@SystematicSw.ab.ca
Wed Oct 23 13:28:00 GMT 2019


On 2019-10-23 05:42, Corinna Vinschen wrote:
> On Oct 23 11:17, Maayan Apelboim wrote:
>>> Is "UK" the name of the local machine or the name of your domain?
>>> How does your /etc/nsswitch.conf file look like?
>>> Do you still have /etc/passwd and /etc/group files? 
>>> If so, does removing the files change the above behaviour? 
>>> If so, can you attach both files verbatim to your reply?

>> UK is my domain. 
>> I'm not using passwd and group files after being advised in the past not to.
>> My /etc/nsswitch.conf is default. Didn't make any changes to this file.

> Since I can't reproduce this problem, would you mind trying to run getent
> under strace? It would be helpful to get 2 strace outputs for the same
> account, one working, one failing. Call it like this:
> 
> $ strace -o getent-1.trace getent passwd <account>

Is there any difference in internet connectivity between between the problem
system and the other systems?
Try
	$ whois uk.

to see that UK is the ccTLD (Country Code Top Level Domain) of the United Kingdom.
It is also in every app, or on every system, where aspects of DNS usage have to
be managed, in the PSL (Public Suffix List - see https://publicsuffix.org/),
which lists all ccTLDs, gTLDs (Global Top Level Domain), 2LDs, and higher level
DNS suffixes under which domain names appear and may be created or registered,
and under those domain names below the higher level DNS suffixes, host names may
appear and be used.
It is available in a Cygwin package; try:

	$ cygcheck -p publicsuffix-list-dafsa

You can view the source under:

	https://github.com/publicsuffix/list

and from:

	https://publicsuffix.org/list/public_suffix_list.dat

With MS having long ago blurred the lines between Windows and DNS domains, it is
likely not a good idea to name a local domain the same as any part of the DNS
name space, especially any names in the PSL, without smart DMZ blocking rules.
It is possible either: that problem system has external internet access and is
looking around the world for users; or unlike your other systems, that problem
system does not, and some lookup is failing or restricted.
You may need to get someone to run and compare network traces on the failing
system and another working system, if a software problem can not be diagnosed.

[There was a similar issue about five years ago with Oracle databases, whose
software was distributed, documented, and set up by default for years using
names like /SERVER/.world, so company database names could look as coolly global
as DNS domain names, although real DNS domain names were also supported later.
Then gTLD (Global Top Level Domain) WORLD was proposed, and we had to ensure
that all Oracle servers were behind blocking DMZs that ensured Oracle databases
did not try to leak to the outside *WORLD*.
Try
	$ whois world.
]
[I was involved in a company split ten years ago where the original company had
embedded the FQDN (Fully Qualified Domain Name) into every host and server name
in the company.
The last I heard, the new company still had to use the old company domain name
for systems internally, rather than just the local host or server name.
So *DO NOT* use or embed domain names where you don't need to!
MS insistence on always having to specify domain names rather than always
implying them is a very bad misfeature when a company changes its name.]
-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list