Need help. Problem with setgid on Fedora Core 9.

Steven W. Orr steveo at syslang.net
Sat Oct 25 20:41:04 UTC 2008 

I upgraded from Core 4 to Core 9 (fresh install) and now my mailinglist 
manager, mj2, won't work anymore. Here's the problem. In ~majordomo/bin, I 
have all of the programs (written in perl) and all of the associated 
wrappers. The wrappers are all owned by majordomo (owner and group) and 
the appropriate ones also have setuid and setgid bits set. Unless I am 
sudo'd to the majordomo account (103 in this case), the program does not 
start because of a problem with setgid.

BTW, selinux is totally disabled.

528 > ~majordomo/bin/mj_shell
Insecure dependency in eval while running setuid at 
/usr/lib/perl5/5.10.0/SelfLoader.pm line 54.
Compilation failed in require at 
/usr/lib/perl5/site_perl/5.10.0/Term/ReadLine/Perl.pm line 63.
529 >

I did some experimenting and discovered that the setgid bit is not working. In 
fact, I even went so far as to modify the code so that the wrapper was 
installed setuid/setgid as root and I made the program do a setgid, setegid, 
setresgid to 103, all to no avail. The error that I get back is EPERM, which in 
the man page says:

  The calling  process  is  not  privileged  (does  not  have  the
  CAP_SETGID  capability),  and  gid  does not match the effective
  group ID or saved set-group-ID of the calling process.

To recap, the fundamental problem is that I seem to no longer be able to 
run setgid either as root or as the result of installing a program with 
the setgid bit set. The software I'm using is actuallying looking to see 
if the current group is the same as the saved group.

It doesn't matter if I run it as steveo or root. The only time it succeeds is 
if I am su'd to majordomo.

If anyone can help me and help quickly, my server is now down, and I'd really 
appreciate suggestions on what to do.

Is there something that needs to be done to allow setgid to succeed? AFAICT, 
that's the only thing that's holding me up right now.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net

More information about the fedora-list mailing list