Michael Meskes dixit:

>Hmm, not sure what I'm doing wrong. Using the same entries in my calendar file 
>I get:
>
>michael@feivel:~$ calendar

Right, but do enable the cronjob. “calendar -a” runs as root.
Or try sudo calendar -a, which is basically the same, then watch
your mail. (You’ll also need to change the dates, of course.)

The patch to remove the setusercontext call is wrong, basically.
Turns out fixing this (I was independently porting a different
BSD calendar codebase) is rather hard and probably involves PAM
magic way out of my experience. I asked at
https://listman.redhat.com/archives/pam-list/2021-November/msg00000.html
but that mailing list seems to be mostly dead.

I did manage to cobble together something that at least switches
to users properly… search for USE_CUSTOM_USERSWITCH or userswitch in
http://www.mirbsd.org/cvs.cgi/src/usr.bin/calendar/calendar.c?rev=HEAD
combined with…

/* better than nothing… */
#define userswitch(pw) (                                                \
        !!setresgid((pw)->pw_gid, (pw)->pw_gid, (pw)->pw_gid) ||        \
        /*                                                              \
         * not correct (should switch to user’s supplemental            \
         * group vector) but sufficient until someone sends             \
         * a workable alternative…                                      \
         */                                                             \
        !!setgroups(0, NULL) ||                                         \
        !!setresuid((pw)->pw_uid, (pw)->pw_uid, (pw)->pw_uid)           \
)

… in calendar-mirbsd-20211101/debian/port/port.h but it lacks
not only setting the groups vector but also things like limits,
environment variables and the like.

Unless you happen to have a PAM expert at hand, you might wish
to at least apply something similar. In your package, at least
the cronjob is disabled by default, so it hits fewer users, but
it’s still risky.

bye,
//mirabilos
-- 
[...] if maybe ext3fs wasn't a better pick, or jfs, or maybe reiserfs, oh but
what about xfs, and if only i had waited until reiser4 was ready... in the be-
ginning, there was ffs, and in the middle, there was ffs, and at the end, there
was still ffs, and the sys admins knew it was good. :)  -- Ted Unangst on *fs

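Added example, not part of the original message or of the MirBSD calendar source: a sketch of the user switch discussed above that loads the target user's supplementary groups with initgroups() instead of clearing them, then checks that the drop took effect. The names verify_switch and userswitch_full are hypothetical, it uses setgid()/setuid() rather than the macro's setresgid()/setresuid(), and it still does not handle limits or environment variables.

```c
#define _DEFAULT_SOURCE   /* for initgroups() under strict -std= modes */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: confirm the process really runs as pw and,
 * for a non-root target, that root can no longer be regained. */
int verify_switch(const struct passwd *pw)
{
	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
	    getgid() != pw->pw_gid || getegid() != pw->pw_gid)
		return -1;
	if (pw->pw_uid != 0) {
		/* a surviving saved UID/GID of 0 would let these succeed */
		if (setuid(0) == 0)
			return -1;
		if (pw->pw_gid != 0 && setgid(0) == 0)
			return -1;
	}
	return 0;
}

/* Hypothetical replacement for the macro; expects to be called as root. */
int userswitch_full(const struct passwd *pw)
{
	/* supplementary groups from the group database, not an empty list */
	if (initgroups(pw->pw_name, pw->pw_gid) != 0)
		return -1;
	/* GID before UID: once UID 0 is gone, the GID can no longer change */
	if (setgid(pw->pw_gid) != 0)
		return -1;
	/* as root, setuid() sets real, effective and saved UID together */
	if (setuid(pw->pw_uid) != 0)
		return -1;
	return verify_switch(pw);
}

int main(int argc, char *argv[])
{
	struct passwd *pw = argc == 2 ? getpwnam(argv[1]) : NULL;

	if (pw == NULL || userswitch_full(pw) != 0) {
		fprintf(stderr, "usage: %s user (as root); switch failed\n", argv[0]);
		return 1;
	}
	printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
	return 0;
}
```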