On Thu, Feb 05, 2009 at 07:41:12PM +0000, ian wrote: > Can't list/attach with non-privileged users.
Hi, Ian. Thank you very much for this bug report. You certainly should be able to list/attach with the user you specify when creating the session. > Now, it appears that handing out read access to > /var/lib/cereal/sessions/test/env/* is sufficient to allow user > 'ian' to attach/list. > 'chown root:ian /var/lib/cereal/sessions/test/env/*' makes the > session 'test' seem to work for 'ian'. > > I can provide more information if requested. We were wondering if you maybe have an unusually strict umask (eg. 0077) set for the root user. This is the only thing that we can think of at the moment that would have caused the permissions on the env files to be set so that a non-privileged user could not read them. And unreadable env files could definitely have caused the problems you're seeing. I believe the default root umask in Debian is 022, which would mean the env files would normally be created with permissions such that all users could read them. Clearly cereal should fail more gracefully if there is an unusually strict umask set. We're now working on making it more robust for such a setup. Thanks for bringing it to our attention, and sorry for the inconvenience. jamie.
signature.asc
Description: Digital signature
