Here's an annotated strace output of the dbus process when it fails. In
another terminal, I ran 'systemctl status ntp' which triggers the dbus
query. As Zahid mentioned above, this is with the permissions on
/etc/ldap.conf set to 440, so the dbus-daemon user doesn't have
permissions to read it. But why does dbus-daemon _want_ to read it?
It's also checking /etc/passwd before this.
rphelps@d1lmdbsvrstg2:~$ sudo strace -p 942 -s 256
strace: Process 942 attached
epoll_wait(4, [{EPOLLIN, {u32=3, u64=386346997063352323}}], 64, -1) = 1
# Accept the incoming dbus call from systemctl
accept4(3, {sa_family=AF_LOCAL, NULL}, [2], SOCK_CLOEXEC) = 18
# Set it to a non-blocking socket, add it to the epoll() list, and call epoll()
again
fcntl(18, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(18, F_SETFL, O_RDWR|O_NONBLOCK) = 0
getsockname(18, {sa_family=AF_LOCAL,
sun_path="/var/run/dbus/system_bus_socket"}, [34]) = 0
epoll_ctl(4, EPOLL_CTL_ADD, 18, {EPOLLET, {u32=18, u64=386346997063352338}}) = 0
epoll_ctl(4, EPOLL_CTL_MOD, 18, {EPOLLIN, {u32=18, u64=14407806993769168914}})
= 0
epoll_wait(4, [{EPOLLIN, {u32=18, u64=14407806993769168914}}], 64, 29999) = 1
# Read a message from systemctl
recvmsg(18, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=0,
msg_flags=0}, 0) = 1
# Get the pid, uid, and gid of the systemctl process, rphelps in this case
getsockopt(18, SOL_SOCKET, SO_PEERCRED, {pid=17258, uid=10247, gid=10004},
[12]) = 0
# Try and fail to get the peer socket security state, but that might be SELinux
only?
getsockopt(18, SOL_SOCKET, SO_PEERSEC, 0x559bc7f68180, 0x7ffc93c3a2bc) = -1
ENOPROTOOPT (Protocol not available)
# Read the auth request from systemctl
read(18, "AUTH EXTERNAL 3130323437\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 2048) =
52
# Check the /etc/passwd for something
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 19
lseek(19, 0, SEEK_CUR) = 0
fstat(19, {st_mode=S_IFREG|0644, st_size=2014, ...}) = 0
mmap(NULL, 2014, PROT_READ, MAP_SHARED, 19, 0) = 0x7f5305a0d000
lseek(19, 2014, SEEK_SET) = 2014
fstat(19, {st_mode=S_IFREG|0644, st_size=2014, ...}) = 0
munmap(0x7f5305a0d000, 2014) = 0
close(19) = 0
# No idea
rt_sigaction(SIGPIPE, {SIG_IGN, [], SA_RESTORER, 0x7f530490a390}, {SIG_IGN, [],
SA_RESTORER, 0x7f530490a390}, 8) = 0
# No idea why they're doing this; maybe to see if the caller is the same
process?
geteuid() = 107
# Try, and fail, to open /etc/ldap.conf
open("/etc/ldap.conf", O_RDONLY) = -1 EACCES (Permission denied)
rt_sigaction(SIGPIPE, {SIG_IGN, [], SA_RESTORER, 0x7f530490a390}, NULL, 8) = 0
# Do another epoll() round
epoll_ctl(4, EPOLL_CTL_MOD, 18, {EPOLLET, {u32=18, u64=4294967314}}) = 0
epoll_ctl(4, EPOLL_CTL_MOD, 18, {EPOLLOUT, {u32=18, u64=4294967314}}) = 0
epoll_wait(4, [{EPOLLOUT, {u32=18, u64=4294967314}}], 64, 29995) = 1
# Send the rejection message to systemctl
sendto(18, "REJECTED EXTERNAL DBUS_COOKIE_SHA1 ANONYMOUS\r\nERROR \"Need to
authenticate first\"\r\n", 82, MSG_NOSIGNAL, NULL, 0) = 82
# Remove the connection to systemctl from the epoll() list, and close the socket
epoll_ctl(4, EPOLL_CTL_DEL, 18, 0x7ffc93c3a2e0) = 0
close(18)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885948
Title:
systemd 229 / dbus 1.10.6-1ubuntu3.5 (16.04) and systemd 237 / dbus
1.12.2-1ubuntu1.1 (18.04) error with "Failed to get properties: Access
denied" when ran as non-root user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1885948/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
