Hi,
I have made a trace with gdb, and this is the output from that.
So it looks like the suid user isnt found.
Program received signal SIGSEGV, Segmentation fault.
0x08518f44 in utilcuti_GetUsrid(void) ()
Missing separate debuginfos, use: debuginfo-install
atk-2.10.0-1.fc20.i686 bzip2-libs-1.0.6-9.fc20.i686
cairo-1.13.1-0.1.git337ab1f.fc20.i686 expat-2.1.0-7.fc20.i686
fontconfig-2.11.0-2.fc20.i686 freetype-2.5.0-5.fc20.i686
gdk-pixbuf2-2.30.3-1.fc20.i686 glib2-2.38.2-2.fc20.i686
glibc-2.18-16.fc20.i686 gtk2-2.24.24-2.fc20.i686
harfbuzz-0.9.27-1.fc20.i686 jbigkit-libs-2.0-10.fc20.i686
libX11-1.6.1-1.fc20.i686 libXau-1.0.8-2.fc20.i686
libXcomposite-0.4.4-4.fc20.i686 libXcursor-1.1.14-2.fc20.i686
libXdamage-1.1.4-4.fc20.i686 libXext-1.3.2-2.fc20.i686
libXfixes-5.0.1-2.fc20.i686 libXi-1.7.4-1.fc20.i686
libXinerama-1.1.3-2.fc20.i686 libXrandr-1.4.1-2.fc20.i686
libXrender-0.9.8-2.fc20.i686 libXxf86vm-1.1.3-2.fc20.i686
libdrm-2.4.58-1.fc20.i686 libffi-3.0.13-5.fc20.i686
libgcc-4.8.3-7.fc20.i686 libjpeg-turbo-1.3.1-2.fc20.i686
libpng-1.6.6-3.fc20.i686 libpng12-1.2.50-6.fc20.i686
libselinux-2.2.1-6.fc20.i686 libwayland-client-1.2.0-3.fc20.i686
libwayland-server-1.2.0-3.fc20.i686 libxcb-1.9.1-3.fc20.i686
mesa-libEGL-10.3.3-1.20141110.fc20.i686
mesa-libGL-10.3.3-1.20141110.fc20.i686
mesa-libgbm-10.3.3-1.20141110.fc20.i686
mesa-libglapi-10.3.3-1.20141110.fc20.i686 pango-1.36.1-3.fc20.i686
pcre-8.33-7.fc20.i686 pixman-0.30.0-5.fc20.i686
xz-libs-5.1.2-12alpha.fc20.i686 zlib-1.2.8-3.fc20.i686
(gdb) bt
#0 0x08518f44 in utilcuti_GetUsrid(void) ()
#1 0x0839b8a5 in BuildLockInfo(char const *, char, char *, char const
*, char *, char const *) ()
#2 0x0839dc51 in lock_LockFile(char const *, char, short, char *, char
const *, char const *, char const *, char const *, char *, char const *,
char *) ()
#3 0x083a02c3 in FILE_RESOURCE::DAVLock(JSTRING const &, int) ()
#4 0x083c1e34 in ARCHIVE_RESOURCE::Lock(JSTRING const &, int) ()
#5 0x0839fd20 in FILE_RESOURCE::DAVDelete(void) ()
#6 0x083c17d4 in ARCHIVE_RESOURCE::Delete(void) ()
#7 0x083b3854 in Document::Delete(void) ()
#8 0x083bdf93 in TMP_OSBUFF::~TMP_OSBUFF(void) ()
#9 0x083be1e1 in EXCOML_BUFFER_CHANNEL::~EXCOML_BUFFER_CHANNEL(void) ()
#10 0x083ca4db in TEXT_FORMAT_PARSER::~TEXT_FORMAT_PARSER(void) ()
#11 0x085270a4 in READ_CHANNEL::READER_NODE::~READER_NODE(void) ()
#12 0x085271ab in READ_CHANNEL::~READ_CHANNEL(void) ()
#13 0x083bf754 in DOCUMENT_READER::~DOCUMENT_READER(void) ()
#14 0x08378100 in TREE_FROM_DOC::~TREE_FROM_DOC(void) ()
#15 0x081b2aee in EXECUTECMD::File(PSTRING const &, PSTRING const &) ()
#16 0x081b3a4e in EXECUTECMD::Link(PSTRING const &, PSTRING const &) ()
#17 0x0825d010 in ECL_COMMAND::OtherExecute(void) ()
#18 0x08267be4 in ECL_COMMAND::Execute(EXPR_DICT *) ()
#19 0x08247d0e in ECL_REPEAT::Execute(EXPR_DICT *) ()
#20 0x082472ed in lang_TreeExecute(ECL_TREE *, EXPR_DICT *) ()
#21 0x081af72b in KEY_T::Execute(void) ()
#22 0x081b3f26 in EXECUTECMD::Function(PSTRING const &, PSTRING const &,
int, JSTRING const &) ()
#23 0x08059106 in EXCO::Initiate(void) ()
#24 0x0805a355 in EXCO::Edit(void) ()
#25 0x080544f5 in main ()
// Richard
2015-06-15 15:34 skrev Simo Sorce:
On Sun, 2015-06-14 at 20:53 +0200, richard wrote:
Hi,
We are about to implement freeipa in our environment.
During some test so have we discovered problems when we are trying to
run scripts with the suid bit set.
It looks like the system is trying to authenticate the suid user
against
freeipa, but since suid user doesnt have a valid ticket, so will the
script not run.
I would need some help to get around this problem.
Is it possible to configure a keytab for the suid user so that this
user
always have a valid ticket?
Hi Richard,
it is unclear to me what problem you are having.
Can you provide some log or output you receive when running commands
that do not work as you expect ?
The kernel doesn't really care (nor try) to authenticate users when the
suid bit is set, so there must be some other component involved that is
causing you trouble.
Simo.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
