Ticket #982 (closed enhancement: fixed)

Opened 10 years ago

Last modified 9 years ago

Write a session wrapper than runts initgroups(3)

Reported by: jdreed Owned by:
Priority: normal Milestone: Precise Release
Component: -- Keywords:
Cc: Fixed in version: debathena-reactivate 2.0.38
Upstream bug:

Description

sudo changed its behavior and can no longer be used to run initgroups(3) for us. We should do it ourselves and remove the hack committed in r25256. This is probably mutually exclusive with #462?

Change History

comment:1 Changed 9 years ago by jdreed

We've made no progress on this, and I don't speak C. Is the relevant pseudocode for this something like the following?

getpwnam()
setgid()
setuid()
initgroups()
execve()

comment:2 Changed 9 years ago by jdreed

  • Status changed from new to committed

reactivate 2.0.38/r25671

comment:3 Changed 9 years ago by jdreed

  • Fixed in version set to debathena-reactivate 2.0.38

Tested. Also committed changes to remove /tmp/ticketenv hack. Despite the comments that say this requires pam-afs-session 2.4, that's not actually true. I think this was a bizarre interaction of sudo and schroot, but with our new session wrapper, on Natty, I'm unable to reproduce the error of not having tickets or tokens inside the chroot.

comment:4 Changed 9 years ago by jdreed

  • Status changed from committed to development

comment:5 Changed 9 years ago by jdreed

  • Status changed from development to proposed

comment:6 Changed 9 years ago by jdreed

  • Status changed from proposed to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.