On Tue, 2015-06-16 at 14:50 +0200, richard wrote: > Hi, > > I have made a trace with gdb, and this is the output from that. > So it looks like the suid user isnt found.
Hi Richard, this looks like a bug in the application you are using, as a failure to lookup a user (if that is the case), should never end up with a segfault. I would contact that application developer and file a bug with them. Simo. > Program received signal SIGSEGV, Segmentation fault. > 0x08518f44 in utilcuti_GetUsrid(void) () > Missing separate debuginfos, use: debuginfo-install > atk-2.10.0-1.fc20.i686 bzip2-libs-1.0.6-9.fc20.i686 > cairo-1.13.1-0.1.git337ab1f.fc20.i686 expat-2.1.0-7.fc20.i686 > fontconfig-2.11.0-2.fc20.i686 freetype-2.5.0-5.fc20.i686 > gdk-pixbuf2-2.30.3-1.fc20.i686 glib2-2.38.2-2.fc20.i686 > glibc-2.18-16.fc20.i686 gtk2-2.24.24-2.fc20.i686 > harfbuzz-0.9.27-1.fc20.i686 jbigkit-libs-2.0-10.fc20.i686 > libX11-1.6.1-1.fc20.i686 libXau-1.0.8-2.fc20.i686 > libXcomposite-0.4.4-4.fc20.i686 libXcursor-1.1.14-2.fc20.i686 > libXdamage-1.1.4-4.fc20.i686 libXext-1.3.2-2.fc20.i686 > libXfixes-5.0.1-2.fc20.i686 libXi-1.7.4-1.fc20.i686 > libXinerama-1.1.3-2.fc20.i686 libXrandr-1.4.1-2.fc20.i686 > libXrender-0.9.8-2.fc20.i686 libXxf86vm-1.1.3-2.fc20.i686 > libdrm-2.4.58-1.fc20.i686 libffi-3.0.13-5.fc20.i686 > libgcc-4.8.3-7.fc20.i686 libjpeg-turbo-1.3.1-2.fc20.i686 > libpng-1.6.6-3.fc20.i686 libpng12-1.2.50-6.fc20.i686 > libselinux-2.2.1-6.fc20.i686 libwayland-client-1.2.0-3.fc20.i686 > libwayland-server-1.2.0-3.fc20.i686 libxcb-1.9.1-3.fc20.i686 > mesa-libEGL-10.3.3-1.20141110.fc20.i686 > mesa-libGL-10.3.3-1.20141110.fc20.i686 > mesa-libgbm-10.3.3-1.20141110.fc20.i686 > mesa-libglapi-10.3.3-1.20141110.fc20.i686 pango-1.36.1-3.fc20.i686 > pcre-8.33-7.fc20.i686 pixman-0.30.0-5.fc20.i686 > xz-libs-5.1.2-12alpha.fc20.i686 zlib-1.2.8-3.fc20.i686 > (gdb) bt > #0 0x08518f44 in utilcuti_GetUsrid(void) () > #1 0x0839b8a5 in BuildLockInfo(char const *, char, char *, char const > *, char *, char const *) () > #2 0x0839dc51 in lock_LockFile(char const *, char, short, char *, char > const *, char const *, char const *, char const *, char *, char const *, > char *) () > #3 0x083a02c3 in FILE_RESOURCE::DAVLock(JSTRING const &, int) () > #4 0x083c1e34 in ARCHIVE_RESOURCE::Lock(JSTRING const &, int) () > #5 0x0839fd20 in FILE_RESOURCE::DAVDelete(void) () > #6 0x083c17d4 in ARCHIVE_RESOURCE::Delete(void) () > #7 0x083b3854 in Document::Delete(void) () > #8 0x083bdf93 in TMP_OSBUFF::~TMP_OSBUFF(void) () > #9 0x083be1e1 in EXCOML_BUFFER_CHANNEL::~EXCOML_BUFFER_CHANNEL(void) () > #10 0x083ca4db in TEXT_FORMAT_PARSER::~TEXT_FORMAT_PARSER(void) () > #11 0x085270a4 in READ_CHANNEL::READER_NODE::~READER_NODE(void) () > #12 0x085271ab in READ_CHANNEL::~READ_CHANNEL(void) () > #13 0x083bf754 in DOCUMENT_READER::~DOCUMENT_READER(void) () > #14 0x08378100 in TREE_FROM_DOC::~TREE_FROM_DOC(void) () > #15 0x081b2aee in EXECUTECMD::File(PSTRING const &, PSTRING const &) () > #16 0x081b3a4e in EXECUTECMD::Link(PSTRING const &, PSTRING const &) () > #17 0x0825d010 in ECL_COMMAND::OtherExecute(void) () > #18 0x08267be4 in ECL_COMMAND::Execute(EXPR_DICT *) () > #19 0x08247d0e in ECL_REPEAT::Execute(EXPR_DICT *) () > #20 0x082472ed in lang_TreeExecute(ECL_TREE *, EXPR_DICT *) () > #21 0x081af72b in KEY_T::Execute(void) () > #22 0x081b3f26 in EXECUTECMD::Function(PSTRING const &, PSTRING const &, > int, JSTRING const &) () > #23 0x08059106 in EXCO::Initiate(void) () > #24 0x0805a355 in EXCO::Edit(void) () > #25 0x080544f5 in main () > > // Richard > > 2015-06-15 15:34 skrev Simo Sorce: > > On Sun, 2015-06-14 at 20:53 +0200, richard wrote: > >> Hi, > >> > >> We are about to implement freeipa in our environment. > >> During some test so have we discovered problems when we are trying to > >> run scripts with the suid bit set. > >> It looks like the system is trying to authenticate the suid user > >> against > >> freeipa, but since suid user doesnt have a valid ticket, so will the > >> script not run. > >> I would need some help to get around this problem. > >> > >> Is it possible to configure a keytab for the suid user so that this > >> user > >> always have a valid ticket? > > > > Hi Richard, > > it is unclear to me what problem you are having. > > > > Can you provide some log or output you receive when running commands > > that do not work as you expect ? > > > > The kernel doesn't really care (nor try) to authenticate users when the > > suid bit is set, so there must be some other component involved that is > > causing you trouble. > > > > Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
