[Freeipa-users] stickybits and freeipa

richard richard at familjenklar.se
Tue Jun 16 12:50:35 UTC 2015


Hi,

I have made a trace with gdb, and this is the output from that.
So it looks like the suid user isn't found.

Program received signal SIGSEGV, Segmentation fault.
0x08518f44 in utilcuti_GetUsrid(void) ()
Missing separate debuginfos, use: debuginfo-install 
atk-2.10.0-1.fc20.i686 bzip2-libs-1.0.6-9.fc20.i686 
cairo-1.13.1-0.1.git337ab1f.fc20.i686 expat-2.1.0-7.fc20.i686 
fontconfig-2.11.0-2.fc20.i686 freetype-2.5.0-5.fc20.i686 
gdk-pixbuf2-2.30.3-1.fc20.i686 glib2-2.38.2-2.fc20.i686 
glibc-2.18-16.fc20.i686 gtk2-2.24.24-2.fc20.i686 
harfbuzz-0.9.27-1.fc20.i686 jbigkit-libs-2.0-10.fc20.i686 
libX11-1.6.1-1.fc20.i686 libXau-1.0.8-2.fc20.i686 
libXcomposite-0.4.4-4.fc20.i686 libXcursor-1.1.14-2.fc20.i686 
libXdamage-1.1.4-4.fc20.i686 libXext-1.3.2-2.fc20.i686 
libXfixes-5.0.1-2.fc20.i686 libXi-1.7.4-1.fc20.i686 
libXinerama-1.1.3-2.fc20.i686 libXrandr-1.4.1-2.fc20.i686 
libXrender-0.9.8-2.fc20.i686 libXxf86vm-1.1.3-2.fc20.i686 
libdrm-2.4.58-1.fc20.i686 libffi-3.0.13-5.fc20.i686 
libgcc-4.8.3-7.fc20.i686 libjpeg-turbo-1.3.1-2.fc20.i686 
libpng-1.6.6-3.fc20.i686 libpng12-1.2.50-6.fc20.i686 
libselinux-2.2.1-6.fc20.i686 libwayland-client-1.2.0-3.fc20.i686 
libwayland-server-1.2.0-3.fc20.i686 libxcb-1.9.1-3.fc20.i686 
mesa-libEGL-10.3.3-1.20141110.fc20.i686 
mesa-libGL-10.3.3-1.20141110.fc20.i686 
mesa-libgbm-10.3.3-1.20141110.fc20.i686 
mesa-libglapi-10.3.3-1.20141110.fc20.i686 pango-1.36.1-3.fc20.i686 
pcre-8.33-7.fc20.i686 pixman-0.30.0-5.fc20.i686 
xz-libs-5.1.2-12alpha.fc20.i686 zlib-1.2.8-3.fc20.i686
(gdb) bt
#0  0x08518f44 in utilcuti_GetUsrid(void) ()
#1  0x0839b8a5 in BuildLockInfo(char const *, char, char *, char const *, char *, char const *) ()
#2  0x0839dc51 in lock_LockFile(char const *, char, short, char *, char const *, char const *, char const *, char const *, char *, char const *, char *) ()
#3  0x083a02c3 in FILE_RESOURCE::DAVLock(JSTRING const &, int) ()
#4  0x083c1e34 in ARCHIVE_RESOURCE::Lock(JSTRING const &, int) ()
#5  0x0839fd20 in FILE_RESOURCE::DAVDelete(void) ()
#6  0x083c17d4 in ARCHIVE_RESOURCE::Delete(void) ()
#7  0x083b3854 in Document::Delete(void) ()
#8  0x083bdf93 in TMP_OSBUFF::~TMP_OSBUFF(void) ()
#9  0x083be1e1 in EXCOML_BUFFER_CHANNEL::~EXCOML_BUFFER_CHANNEL(void) ()
#10 0x083ca4db in TEXT_FORMAT_PARSER::~TEXT_FORMAT_PARSER(void) ()
#11 0x085270a4 in READ_CHANNEL::READER_NODE::~READER_NODE(void) ()
#12 0x085271ab in READ_CHANNEL::~READ_CHANNEL(void) ()
#13 0x083bf754 in DOCUMENT_READER::~DOCUMENT_READER(void) ()
#14 0x08378100 in TREE_FROM_DOC::~TREE_FROM_DOC(void) ()
#15 0x081b2aee in EXECUTECMD::File(PSTRING const &, PSTRING const &) ()
#16 0x081b3a4e in EXECUTECMD::Link(PSTRING const &, PSTRING const &) ()
#17 0x0825d010 in ECL_COMMAND::OtherExecute(void) ()
#18 0x08267be4 in ECL_COMMAND::Execute(EXPR_DICT *) ()
#19 0x08247d0e in ECL_REPEAT::Execute(EXPR_DICT *) ()
#20 0x082472ed in lang_TreeExecute(ECL_TREE *, EXPR_DICT *) ()
#21 0x081af72b in KEY_T::Execute(void) ()
#22 0x081b3f26 in EXECUTECMD::Function(PSTRING const &, PSTRING const &, int, JSTRING const &) ()
#23 0x08059106 in EXCO::Initiate(void) ()
#24 0x0805a355 in EXCO::Edit(void) ()
#25 0x080544f5 in main ()

// Richard

2015-06-15 15:34, Simo Sorce wrote:
> On Sun, 2015-06-14 at 20:53 +0200, richard wrote:
>> Hi,
>> 
>> We are about to implement freeipa in our environment.
>> During some tests we have discovered problems when we are trying to
>> run scripts with the suid bit set.
>> It looks like the system is trying to authenticate the suid user against
>> freeipa, but since the suid user doesn't have a valid ticket, the
>> script will not run.
>> I would need some help to get around this problem.
>> 
>> Is it possible to configure a keytab for the suid user so that this user
>> always has a valid ticket?
> 
> Hi Richard,
> it is unclear to me what problem you are having.
> 
> Can you provide some log or output you receive when running commands
> that do not work as you expect?
> 
> The kernel doesn't really care (nor try) to authenticate users when the
> suid bit is set, so there must be some other component involved that is
> causing you trouble.
> 
> Simo.
