Hi all,

I'm seeing this on two systems. Yesterday, I tried to update errata
using mtier's "openup" utility which I've used in the past. I only
mention it because I noticed these problems at the same time; not sure
there is a cause-effect here. A third system was updated without issue.

The problem was noticed when I ran openup:

    $ doas openup
    ===> Checking for openup update
    ===> Installing/updating binpatch(es)
    quirks-2.241 signed on 2016-07-26T16:56:10Z
    binpatch60-amd64-httpd-1.0: ok
    Error from https://stable.mtier.org/updates/6.0/amd64/binpatch60-amd64-iked-1.0.tgz
    Can't exec "/usr/bin/ftp": Permission denied at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 641.
    Fatal error: Can't run /usr/bin/ftp: Permission denied
     at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 641.
    Can't find CONTENTS from https://stable.mtier.org/updates/6.0/amd64/binpatch60-amd64-iked-1.0.tgz
    --- binpatch60-amd64-iked-1.0 -------------------
    Can't install binpatch60-amd64-iked-1.0: bad package
    Fatal error: Ustar [https://stable.mtier.org/updates/6.0/amd64/binpatch60-amd64-kernel-3.0.tgz][?]: Error
    while reading header
     at /usr/libdata/perl5/OpenBSD/Ustar.pm line 89.

I checked the basics, I can run /usr/bin/ftp as myself. I noticed that
the function in PackageRepository.pm tries to run ftp after first
executing a function "$self->drop_privileges_and_setup_env;"

Now, I find that all sorts of things that involve a change in effective
UID do not work.

Users cannot log in because sshd cannot read their authorized_keys file
as the owner:

    debug1: temporarily_use_uid: 1002/1002 (e=0/0)
    debug1: trying public key file /home/im3/.ssh/authorized_keys
    debug1: Could not open authorized keys '/home/im3/.ssh/authorized_keys': Permission denied

Yet the file exists and it's owned by the user (im3, user 1002 in this
example).

    # ls -l /home/im3/.ssh/authorized_keys
    -rw-------  1 im3  im3  413 Nov 10 11:49 /home/im3/.ssh/authorized_keys

    # cat /home/im3/.ssh/authorized_keys    
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA99 [...]

    # doas -u im3 cat /home/im3/.ssh/authorized_keys
    doas: cat: Permission denied

    # su im3
    su: /bin/ksh: Permission denied

Interestingly, I can still log in, but my account is in the "wheel"
group. If I add im3 to the "wheel" group I don't see these issues and
ssh logins work for that user.

    # usermod -G wheel im3 
    # doas -u im3 cat /home/im3/.ssh/authorized_keys  
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA99 [...]

Ideas?

Allan
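
Added example, not part of the original post: the pattern reported above (access fails after a switch to a non-wheel uid although the file's own mode is correct) is what a missing search bit on a directory above the file would produce, which is an assumption here and not something the thread confirms. The script below reports the first ancestor directory that a given uid and group list cannot traverse; `can_search`, `first_blocked` and the optional start directory are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Decides from the mode bits that
# `ls -ldn` prints, so no privilege change is needed to test another uid.
# ACLs and mount options are not considered.

# can_search DIR UID "GID ..."  -> 0 if that identity may traverse DIR
can_search() {
    read -r cs_mode cs_links cs_owner cs_group cs_rest <<EOF
$(ls -ldn "$1")
EOF
    [ -n "$cs_group" ] || return 2          # ls could not stat DIR
    [ "$2" -eq 0 ] && return 0              # root bypasses search checks
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$2" -eq "$cs_owner" ]; then cs_pos=4
    else
        cs_pos=10
        for cs_g in $3; do
            if [ "$cs_g" -eq "$cs_group" ]; then cs_pos=7; fi
        done
    fi
    case $(printf %s "$cs_mode" | cut -c"$cs_pos") in
        x|s|t) return 0 ;;                  # s and t mean x is also set
        *)     return 1 ;;
    esac
}

# first_blocked ABS_PATH UID "GID ..." [TOP]
# Prints the first ancestor directory, checking downward from TOP
# (default /), that blocks traversal and returns 1; returns 0 if none does.
first_blocked() {
    fb_top=${4:-/}
    fb_dirs=
    fb_d=$(dirname "$1")
    while :; do
        fb_dirs="$fb_d
$fb_dirs"
        case $fb_d in "$fb_top"|/|.) break ;; esac
        fb_d=$(dirname "$fb_d")
    done
    while IFS= read -r fb_d; do
        [ -n "$fb_d" ] || continue
        can_search "$fb_d" "$2" "$3" && continue
        printf '%s\n' "$fb_d"
        return 1
    done <<EOF
$fb_dirs
EOF
    return 0
}
```

For the user in the post that would be `first_blocked /home/im3/.ssh/authorized_keys 1002 "1002"`, and `"1002 0"` for the same user once wheel (gid 0 on OpenBSD) is added.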
