Hi,
greenmoss writes:
> strace output is attached
Thanks.
This is the relevant section from atd.c:
    if (chdir(ATJOB_DIR) < 0)
        perr("Cannot chdir to " ATJOB_DIR);
    PRIV_START
    nice((tolower((int) queue) - 'a' + 1) * 2);
    if (initgroups(pentry->pw_name, pentry->pw_gid))
        perr("Cannot delete saved userids");
And the same part in the output from strace:
522 20241 chdir("/var/spool/cron/atjobs") = 0
523 20241 setreuid32(1, 0) = 0
524 20241 setregid32(1, 0) = 0
525 20241 getpriority(PRIO_PROCESS, 0) = 20
526 20241 setpriority(PRIO_PROCESS, 0, 2) = 0
527 20241 getpriority(PRIO_PROCESS, 0) = 18
So far everything looks ok. Now only initgroups() is left:
528 20241 open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 5
While looking up the groups, suddenly the following happens:
828 20241 getuid32() = 1
829 20241 mlock(0xb7348000, 32768) = 0
830 20241 geteuid32() = 0
831 20241 setuid32(1) = 0
832 20241 getuid32() = 1
833 20241 geteuid32() = 1
834 20241 setuid32(0) = -1 EPERM (Operation not permitted)
It looks like the NSS module drops privileges?!
Of course, setgroups thus fails:
2005 20241 setgroups32(2, [0, 512]) = -1 EPERM (Operation not permitted)
You seem to be using the libnss-ldap module. Does at work correctly if
you disable it?
Regards,
Ansgar
--
execution fails with "Cannot delete saved userids: Operation not permitted"
https://bugs.launchpad.net/bugs/509734
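
The call sequence from the strace output above, replayed against a small model of the Linux UID rules. This is an added example, not part of the original message and not code from atd or libnss-ldap. The sim_* functions are hypothetical, the saved UID of 0 at the start is an assumption, and the seteuid() variant is included only as a contrast.

```c
#include <stdio.h>

/* Model of a process's real, effective and saved UID. "Privileged" is
   simplified to euid == 0 (stands in for CAP_SETUID/CAP_SETGID). */
struct cred { int ruid, euid, suid; };

/* setuid(2): a privileged caller changes all three IDs; otherwise only
   euid changes, and only to the real or saved UID. -1 models EPERM. */
static int sim_setuid(struct cred *c, int uid)
{
    if (c->euid == 0) { c->ruid = c->euid = c->suid = uid; return 0; }
    if (uid != c->ruid && uid != c->suid) return -1;
    c->euid = uid;
    return 0;
}

/* seteuid(2): changes only euid, so the saved UID survives. */
static int sim_seteuid(struct cred *c, int uid)
{
    if (c->euid != 0 && uid != c->ruid && uid != c->euid && uid != c->suid)
        return -1;
    c->euid = uid;
    return 0;
}

/* setgroups(2) needs privilege; -1 models EPERM. */
static int sim_setgroups(const struct cred *c) { return c->euid == 0 ? 0 : -1; }

/* Start from the state after PRIV_START (getuid()=1, geteuid()=0 in the
   trace; saved UID 0 is assumed), drop to UID 1 with `drop`, try to get
   back with setuid(0), then return what setgroups() would return. */
static int setgroups_after_drop(int (*drop)(struct cred *, int))
{
    struct cred c = { 1, 0, 0 };
    drop(&c, 1);
    sim_setuid(&c, 0);
    return sim_setgroups(&c);
}

int main(void)
{
    printf("drop via setuid(1):  setgroups -> %d\n", setgroups_after_drop(sim_setuid));
    printf("drop via seteuid(1): setgroups -> %d\n", setgroups_after_drop(sim_seteuid));
    return 0;
}
```

With the setuid(1) drop the saved UID is overwritten as well, so the later setuid(0) and setgroups() both fail, matching lines 831-834 and 2005 of the trace.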