Issue #3107 has been updated by Markus Roberts. Status changed from Accepted to Ready for Testing Assigned to deleted (Jesse Wolfe) Branch set to [email protected]:MarkusQ/puppet.git ticket/0.25.x/3107
Looking at the docs and the source code in ruby's process.c library I _think_ that this should work under AIX and also under other supported OSes, but I've only tried it under OS X and Linux. Can anyone else give it a whirl? ---------------------------------------- Bug #3107: Execute() in util.rb does not execute setuid properly on AIX http://projects.puppetlabs.com/issues/3107 Author: Andrew Forgue Status: Ready for Testing Priority: Normal Assigned to: Category: executables Target version: 0.25.6 Affected version: 0.25.3 Keywords: cron aix execute Branch: [email protected]:MarkusQ/puppet.git ticket/0.25.x/3107 In lib/puppet/util.rb: <pre> 297 if arguments[:gid] 298 Process.egid = arguments[:gid] 299 Process.gid = arguments[:gid] unless @@os == "Darwin" 300 end 301 if arguments[:uid] 302 Process.euid = arguments[:uid] 303 Process.uid = arguments[:uid] unless @@os == "Darwin" </pre> This does not work on AIX and silently fails due to line 303 returning EPERM (Not Owner). If I swap lines 302 and 303 it works correctly. This currently breaks the cron type on AIX for non-root users, but has an effect when anything on AIX requires execution of something as a different user. Also, <pre> Process::GID.change_privilege(arguments[:gid]) if arguments[:gid] Process::UID.change_privilege(arguments[:uid]) if arguments[:uid] </pre> does the setuid correctly. Perhaps execute should do change_privilege instead of [e]gid=/[e]uid=? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
