[Freeipa-users] stickybits and freeipa

richard richard at familjenklar.se
Fri Jun 19 05:30:52 UTC 2015 

Hi,

I found a workaround for this problem.
I installed nscd and now it works, i will file a bug-report since the 
application
doesnt perform the get user id correct.

// Richard

2015-06-16 15:01 skrev Simo Sorce:
> On Tue, 2015-06-16 at 14:50 +0200, richard wrote:
>> Hi,
>> 
>> I have made a trace with gdb, and this is the output from that.
>> So it looks like the suid user isnt found.
> 
> Hi Richard,
> this looks like a bug in the application you are using, as a failure to
> lookup a user (if that is the case), should never end up with a
> segfault.
> 
> I would contact that application developer and file a bug with them.
> 
> Simo.
> 
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x08518f44 in utilcuti_GetUsrid(void) ()
>> Missing separate debuginfos, use: debuginfo-install
>> atk-2.10.0-1.fc20.i686 bzip2-libs-1.0.6-9.fc20.i686
>> cairo-1.13.1-0.1.git337ab1f.fc20.i686 expat-2.1.0-7.fc20.i686
>> fontconfig-2.11.0-2.fc20.i686 freetype-2.5.0-5.fc20.i686
>> gdk-pixbuf2-2.30.3-1.fc20.i686 glib2-2.38.2-2.fc20.i686
>> glibc-2.18-16.fc20.i686 gtk2-2.24.24-2.fc20.i686
>> harfbuzz-0.9.27-1.fc20.i686 jbigkit-libs-2.0-10.fc20.i686
>> libX11-1.6.1-1.fc20.i686 libXau-1.0.8-2.fc20.i686
>> libXcomposite-0.4.4-4.fc20.i686 libXcursor-1.1.14-2.fc20.i686
>> libXdamage-1.1.4-4.fc20.i686 libXext-1.3.2-2.fc20.i686
>> libXfixes-5.0.1-2.fc20.i686 libXi-1.7.4-1.fc20.i686
>> libXinerama-1.1.3-2.fc20.i686 libXrandr-1.4.1-2.fc20.i686
>> libXrender-0.9.8-2.fc20.i686 libXxf86vm-1.1.3-2.fc20.i686
>> libdrm-2.4.58-1.fc20.i686 libffi-3.0.13-5.fc20.i686
>> libgcc-4.8.3-7.fc20.i686 libjpeg-turbo-1.3.1-2.fc20.i686
>> libpng-1.6.6-3.fc20.i686 libpng12-1.2.50-6.fc20.i686
>> libselinux-2.2.1-6.fc20.i686 libwayland-client-1.2.0-3.fc20.i686
>> libwayland-server-1.2.0-3.fc20.i686 libxcb-1.9.1-3.fc20.i686
>> mesa-libEGL-10.3.3-1.20141110.fc20.i686
>> mesa-libGL-10.3.3-1.20141110.fc20.i686
>> mesa-libgbm-10.3.3-1.20141110.fc20.i686
>> mesa-libglapi-10.3.3-1.20141110.fc20.i686 pango-1.36.1-3.fc20.i686
>> pcre-8.33-7.fc20.i686 pixman-0.30.0-5.fc20.i686
>> xz-libs-5.1.2-12alpha.fc20.i686 zlib-1.2.8-3.fc20.i686
>> (gdb) bt
>> #0  0x08518f44 in utilcuti_GetUsrid(void) ()
>> #1  0x0839b8a5 in BuildLockInfo(char const *, char, char *, char const
>> *, char *, char const *) ()
>> #2  0x0839dc51 in lock_LockFile(char const *, char, short, char *, 
>> char
>> const *, char const *, char const *, char const *, char *, char const 
>> *,
>> char *) ()
>> #3  0x083a02c3 in FILE_RESOURCE::DAVLock(JSTRING const &, int) ()
>> #4  0x083c1e34 in ARCHIVE_RESOURCE::Lock(JSTRING const &, int) ()
>> #5  0x0839fd20 in FILE_RESOURCE::DAVDelete(void) ()
>> #6  0x083c17d4 in ARCHIVE_RESOURCE::Delete(void) ()
>> #7  0x083b3854 in Document::Delete(void) ()
>> #8  0x083bdf93 in TMP_OSBUFF::~TMP_OSBUFF(void) ()
>> #9  0x083be1e1 in EXCOML_BUFFER_CHANNEL::~EXCOML_BUFFER_CHANNEL(void) 
>> ()
>> #10 0x083ca4db in TEXT_FORMAT_PARSER::~TEXT_FORMAT_PARSER(void) ()
>> #11 0x085270a4 in READ_CHANNEL::READER_NODE::~READER_NODE(void) ()
>> #12 0x085271ab in READ_CHANNEL::~READ_CHANNEL(void) ()
>> #13 0x083bf754 in DOCUMENT_READER::~DOCUMENT_READER(void) ()
>> #14 0x08378100 in TREE_FROM_DOC::~TREE_FROM_DOC(void) ()
>> #15 0x081b2aee in EXECUTECMD::File(PSTRING const &, PSTRING const &) 
>> ()
>> #16 0x081b3a4e in EXECUTECMD::Link(PSTRING const &, PSTRING const &) 
>> ()
>> #17 0x0825d010 in ECL_COMMAND::OtherExecute(void) ()
>> #18 0x08267be4 in ECL_COMMAND::Execute(EXPR_DICT *) ()
>> #19 0x08247d0e in ECL_REPEAT::Execute(EXPR_DICT *) ()
>> #20 0x082472ed in lang_TreeExecute(ECL_TREE *, EXPR_DICT *) ()
>> #21 0x081af72b in KEY_T::Execute(void) ()
>> #22 0x081b3f26 in EXECUTECMD::Function(PSTRING const &, PSTRING const 
>> &,
>> int, JSTRING const &) ()
>> #23 0x08059106 in EXCO::Initiate(void) ()
>> #24 0x0805a355 in EXCO::Edit(void) ()
>> #25 0x080544f5 in main ()
>> 
>> // Richard
>> 
>> 2015-06-15 15:34 skrev Simo Sorce:
>> > On Sun, 2015-06-14 at 20:53 +0200, richard wrote:
>> >> Hi,
>> >>
>> >> We are about to implement freeipa in our environment.
>> >> During some test so have we discovered problems when we are trying to
>> >> run scripts with the suid bit set.
>> >> It looks like the system is trying to authenticate the suid user
>> >> against
>> >> freeipa, but since suid user doesnt have a valid ticket, so will the
>> >> script not run.
>> >> I would need some help to get around this problem.
>> >>
>> >> Is it possible to configure a keytab for the suid user so that this
>> >> user
>> >> always have a valid ticket?
>> >
>> > Hi Richard,
>> > it is unclear to me what problem you are having.
>> >
>> > Can you provide some log or output you receive when running commands
>> > that do not work as you expect ?
>> >
>> > The kernel doesn't really care (nor try) to authenticate users when the
>> > suid bit is set, so there must be some other component involved that is
>> > causing you trouble.
>> >
>> > Simo.

More information about the Freeipa-users mailing list