Package: cereal
Version: 0.22-1.lenny1
Severity: important

Can't list/attach with non-privileged users.

To recreate:
   (as root)
      cereal-admin create test /dev/ttyS1 9600 ian ian
      cereal-admin start test
   (as ian)
      cereal list
    Result:
cat: /var/lib/cereal/sessions/test/env/USER: Permission denied
/usr/share/cereal/common: line 125: [: ian: unary operator expected
cat: /var/lib/cereal/sessions/test/env/LOGUSER: Permission denied
cat: /var/lib/cereal/sessions/test/env/LOGGROUP: Permission denied
cat: TTY: Permission denied
cat: BAUD: Permission denied
cat: USER: Permission denied
cat: LOGGROUP: Permission denied
+-- test

Then, also as user "ian" doing 'cereal attach test' results in:
cat: /var/lib/cereal/sessions/test/env/USER: Permission denied
/usr/share/cereal/common: line 125: [: ian: unary operator expected
You do not have permission to attach to session 'test'.

Output of find /var/lib/cereal/sessions/test/|xargs ls -lad
drwxr-x--x 5 root   root 4096 2009-02-05 19:30 /var/lib/cereal/sessions/test/
drwxr-x--x 2 root   root 4096 2009-02-05 19:29 /var/lib/cereal/sessions/test/env
-rw-r----- 1 root   root    5 2009-02-05 19:29 /var/lib/cereal/sessions/test/env/BAUD
-rw-r----- 1 root   root    8 2009-02-05 19:29 /var/lib/cereal/sessions/test/env/GROUP
-rw-r----- 1 root   root    4 2009-02-05 19:29 /var/lib/cereal/sessions/test/env/LOGGROUP
-rw-r----- 1 root   root    7 2009-02-05 19:29 /var/lib/cereal/sessions/test/env/LOGUSER
-rw-r----- 1 root   root    5 2009-02-05 19:29 /var/lib/cereal/sessions/test/env/SESSION
-rw-r----- 1 root   root   11 2009-02-05 19:29 /var/lib/cereal/sessions/test/env/TTY
-rw-r----- 1 root   root    4 2009-02-05 19:29 /var/lib/cereal/sessions/test/env/USER
lrwxrwxrwx 1 root   root   24 2009-02-05 19:29 /var/lib/cereal/sessions/test/finish -> /usr/share/cereal/finish
drwxr-x--x 4 root   ian  4096 2009-02-05 19:29 /var/lib/cereal/sessions/test/log
drwxr-x--- 2 cereal ian  4096 2009-02-05 19:30 /var/lib/cereal/sessions/test/log/main
-rwxr--r-- 1 cereal ian  1232 2009-02-05 19:34 /var/lib/cereal/sessions/test/log/main/current
-rw------- 1 cereal ian     0 2009-02-05 19:30 /var/lib/cereal/sessions/test/log/main/lock
lrwxrwxrwx 1 root   ian    24 2009-02-05 19:29 /var/lib/cereal/sessions/test/log/run -> /usr/share/cereal/logrun
drwxr-xr-x 2 root   root 4096 2009-02-05 19:34 /var/lib/cereal/sessions/test/log/supervise
prw------- 1 root   root    0 2009-02-05 19:29 /var/lib/cereal/sessions/test/log/supervise/control
-rw------- 1 root   root    0 2009-02-05 19:29 /var/lib/cereal/sessions/test/log/supervise/lock
prw------- 1 root   root    0 2009-02-05 19:29 /var/lib/cereal/sessions/test/log/supervise/ok
-rw-r--r-- 1 root   root    6 2009-02-05 19:34 /var/lib/cereal/sessions/test/log/supervise/pid
-rw-r--r-- 1 root   root    4 2009-02-05 19:34 /var/lib/cereal/sessions/test/log/supervise/stat
-rw-r--r-- 1 root   root   20 2009-02-05 19:34 /var/lib/cereal/sessions/test/log/supervise/status
lrwxrwxrwx 1 root   root   25 2009-02-05 19:29 /var/lib/cereal/sessions/test/run -> /usr/share/cereal/mainrun
prw-r----- 1 ian    ian     0 2009-02-05 19:34 /var/lib/cereal/sessions/test/socket
drwxr-xr-x 2 root   root 4096 2009-02-05 19:34 /var/lib/cereal/sessions/test/supervise
prw------- 1 root   root    0 2009-02-05 19:30 /var/lib/cereal/sessions/test/supervise/control
-rw------- 1 root   root    0 2009-02-05 19:29 /var/lib/cereal/sessions/test/supervise/lock
prw------- 1 root   root    0 2009-02-05 19:29 /var/lib/cereal/sessions/test/supervise/ok
-rw-r--r-- 1 root   root    0 2009-02-05 19:34 /var/lib/cereal/sessions/test/supervise/pid
-rw-r--r-- 1 root   root    5 2009-02-05 19:34 /var/lib/cereal/sessions/test/supervise/stat
-rw-r--r-- 1 root   root   20 2009-02-05 19:34 /var/lib/cereal/sessions/test/supervise/status

Now, it appears that handing out read access to 
/var/lib/cereal/sessions/test/env/* is sufficient to allow user 'ian' to 
attach/list.
'chown root:ian /var/lib/cereal/sessions/test/env/*' makes the session 'test' 
seem to work for 'ian'.

I can provide more information if requested.

Thanks

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.26-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages cereal depends on:
ii  adduser                       3.110      add and remove users and groups
ii  procmail                      3.22-16    Versatile e-mail processor
ii  runit                         2.0.0-1    a UNIX init scheme with service su
ii  screen                        4.0.3-11   terminal multiplexor with VT100/AN

cereal recommends no packages.

-- no debconf information
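
The "[: ian: unary operator expected" line in the report above is what an unquoted command substitution produces when the file it reads cannot be read. The following is an added example, not part of the original report and not cereal's code: the test at /usr/share/cereal/common line 125 is not shown on the page, so fragile_is_owner is an assumed shape that yields the same message, and read_env and safe_is_owner are hypothetical helpers that deny access with an explicit reason instead.

```shell
#!/bin/sh
# Added example, not cereal's code. The exact test at common:125 is not on the
# page; fragile_is_owner is an ASSUMED shape that produces the same message.

# Fragile: unquoted substitution. If cat fails, this expands to `[ ian = ]`
# and bash reports "[: ian: unary operator expected" (non-zero exit status).
fragile_is_owner() {    # $1 = session env dir, $2 = calling user
    [ "$2" = $(cat "$1/USER") ]
}

# Print the first line of an env file; fail if it is unreadable or empty.
read_env() {
    [ -r "$1" ] || return 1
    value=
    IFS= read -r value < "$1" || [ -n "$value" ] || return 1
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Hardened: 0 = owner, 1 = not owner, 2 = cannot decide (deny, with a reason).
safe_is_owner() {
    owner=$(read_env "$1/USER") || {
        echo "cannot read $1/USER: denying access" >&2
        return 2
    }
    [ "$2" = "$owner" ]
}

# Constructed sample data: "ok" has a USER file; "unreadable" has none, which
# makes cat fail the same way as the permission error, even when run as root.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/ok" "$demo_dir/unreadable"
printf 'ian\n' > "$demo_dir/ok/USER"

for d in ok unreadable; do
    rc=0; fragile_is_owner "$demo_dir/$d" ian || rc=$?
    echo "$d fragile exit=$rc"
    rc=0; safe_is_owner "$demo_dir/$d" ian || rc=$?
    echo "$d safe exit=$rc"
done
rm -rf "$demo_dir"
```

Both forms refuse access when the file cannot be read; the hardened one does so with a distinct exit status and a message naming the file, rather than through a shell syntax error.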