vyatta

open thought and learning

Pinging hostnames from /etc/hosts


Problem Statement: Ability to ping a user-defined hostname with a valid IP address
Solution: Simple, put it in the /etc/hosts file and you’re done.

If it still doesn’t work, check /etc/nsswitch.conf. This is the line that should be there: hosts: files dns
So, with the right /etc/nsswitch.conf and /etc/hosts, should it work?

root@treebeard:~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 treebeard
192.168.2.2 mithrandir


root@treebeard:~# ping mithrandir
PING mithrandir (192.168.2.2) 56(84) bytes of data.
64 bytes from mithrandir (192.168.2.2): icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from mithrandir (192.168.2.2): icmp_seq=2 ttl=64 time=0.067 ms

It works!
But…

root@treebeard:~# sudo su - mohit
mohit@treebeard:~$ ping mithrandir
ping: unknown host

It seems when I switch to a non-root user, entries in /etc/hosts fail to take effect.
Why?

The problem is with the read permissions on /etc/nsswitch.conf. I hadn’t noticed that it was world-unreadable.

root@treebeard:~# chmod o+r /etc/nsswitch.conf
root@treebeard:~# sudo su - mohit
mohit@treebeard:~$ ping mithrandir
PING mithrandir (192.168.2.2) 56(84) bytes of data.
64 bytes from mithrandir (192.168.2.2): icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from mithrandir (192.168.2.2): icmp_seq=2 ttl=64 time=0.067 ms

Worked, finally. The weird thing is that I would have assumed ping would complain that it wasn’t able to read a file or something, but there was nothing of that sort. This means you can actually force non-root users to stick to DNS resolution while all daemons and root-owned processes still use /etc/hosts.

Bad idea I’d say. This might be a ticking time-bomb. I faced this problem when configuring two nodes for a 10g RAC cluster. The DB runs as a user, and the DBA had a tough time getting the private interconnect working – thanks to nsswitch.conf.

Lesson learnt.
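
A check for the failure mode described above, as an added example that is not part of the original post: it flags resolver files that are not world-readable and a hosts: line that does not consult files before dns. The function names and the default paths are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds when the "hosts:" line lists "files" before "dns".
files_before_dns() {
    awk '{ sub(/#.*/, "") }              # strip comments
         $1 == "hosts:" {
             for (i = 2; i <= NF; i++) {
                 if ($i == "files") { ok = 1; exit }
                 if ($i == "dns") exit
             }
             exit
         }
         END { exit !ok }' "$1"
}

# audit_resolver [NSSWITCH] [HOSTS]
# Returns 0 only if both files are world-readable and the lookup order is sane.
# The mode bits are read from ls instead of using [ -r ], because root can
# read the file regardless and would never see the problem.
audit_resolver() {
    nss=${1:-/etc/nsswitch.conf}
    hosts=${2:-/etc/hosts}
    rc=0
    for f in "$nss" "$hosts"; do
        if [ ! -e "$f" ]; then
            echo "FAIL $f: missing"
            rc=1
        elif [ "$(ls -ldL "$f" | cut -c8)" != "r" ]; then
            # Character 8 of the mode string is the "other" read bit.
            echo "FAIL $f: not world-readable, non-root lookups ignore it silently"
            rc=1
        else
            echo "ok   $f: world-readable"
        fi
    done
    if files_before_dns "$nss"; then
        echo "ok   $nss: hosts line consults files before dns"
    else
        echo "FAIL $nss: hosts line does not consult files before dns"
        rc=1
    fi
    return "$rc"
}
```

Run `audit_resolver` with no arguments to check the live system, or pass two paths to check copies of the files.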

Written by mohitsuley

August 1, 2008 at 4:26 am

Posted in linux, sysadmin
