retitle #373786 /etc/cron.daily/exim4-base fails with libpam-tmpdir
clone #373786 -1
reassign -1 dpkg
retitle -1 start-stop-daemon: should use PAM in --chuid setting
submitter -1 [EMAIL PROTECTED]
thanks

On Thu, Jun 15, 2006 at 04:22:54PM +0200, Piotr Kaczuba wrote:
> /etc/cron.daily/exim4-base should unset TMPDIR, so when one is using
> pam_tmpdir, the cron script could successfully do its work. The cron
> script uses find with chuid, and as a result tempnam() fails because
> it doesn't have access to the temp directory set by pam_tmpdir.

From what I guess, the bug reporter has libpam-tmpname installed,
and thus, for /etc/cron.daily/exim4-base, TMPDIR gets set to
/tmp/root, which is only writeable for root. The cron script then
proceeds to call "start-stop-daemon --chuid Debian-exim some_job",
with some_job using tempnam() to obtain a temporary file name,
honoring TMPDIR, which is not writeable by Debian-exim, the account
some_job is running as.

After discussing the issue on IRC with mrvn, jvw and waldi, I have
learned that applications are encouraged to use TMPDIR instead of a
hard-coded /tmp. Additionally, it is wrong to make the directory
$TMPDIR points to writeable for Debian-exim as it might be in a place
where only root should be able to write to.

Hence, the right thing to do is to set TMPDIR to a directory that is
writeable by Debian-exim.

A workaround possible for Debian-exim could be

    mkdir $TMPDIR/Debian-exim
    chown Debian-exim $TMPDIR/Debian-exim
    TMPDIR=$TMPDIR/Debian-exim start-stop-daemon --chuid Debian-exim some_job

which might also expose a file system which should only be writeable
for root for a non-root user.

Piotr, would this be an acceptable workaround for you?

libpam-tmpdir maintainer, is this an acceptable workaround from a
libpam-tmpdir point of view?

dpkg-maintainer, is it possible to have start-stop-daemon do a pam
call in case of --chuid so that TMPDIR is set correctly?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
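
A check for the failure described in this message, as an added example that is not part of the original mail: before dropping privileges, test whether the inherited TMPDIR is usable by the target account and pick another directory if it is not. The function names, the FALLBACK_TMP variable and the /tmp fallback are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail.

# dir_usable_by DIR UID GID
# Succeeds if DIR's owner/group/other mode bits let UID (primary group GID)
# create files in DIR. Simplified: ACLs, supplementary groups and the
# permissions of parent directories are not examined.
dir_usable_by() {
    dir=$1 uid=$2 gid=$3
    [ -d "$dir" ] || return 1
    [ "$uid" -eq 0 ] && return 0          # root is not bound by mode bits
    # "ls -ldn" prints: mode links owner-uid group-gid ...
    info=$(ls -ldn "$dir" | awk 'NR == 1 { print $1, $3, $4 }')
    mode=${info%% *}
    ids=${info#* }
    owner=${ids% *}
    group=${ids#* }
    if [ "$owner" -eq "$uid" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)
    elif [ "$group" -eq "$gid" ]; then
        bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)
    fi
    # Creating a file needs write plus search (x, or s/t which imply x).
    case $bits in
        ?w[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

# choose_tmpdir UID GID
# Prints the inherited TMPDIR if the target account can use it, otherwise
# the fallback directory (assumption: FALLBACK_TMP, defaulting to /tmp).
choose_tmpdir() {
    inherited=${TMPDIR:-}
    if [ -n "$inherited" ] && dir_usable_by "$inherited" "$1" "$2"; then
        printf '%s\n' "$inherited"
    else
        printf '%s\n' "${FALLBACK_TMP:-/tmp}"
    fi
}

# Usage sketch (run as root, e.g. from a cron script; some_job is the
# placeholder used in the mail):
#   TMPDIR=$(choose_tmpdir "$(id -u Debian-exim)" "$(id -g Debian-exim)") \
#       start-stop-daemon --chuid Debian-exim some_job
```

The target account also needs search permission on every parent directory of the chosen path, which this check does not examine.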