Ticket #982 (closed enhancement: fixed)

Opened 11 years ago

Last modified 10 years ago

Write a session wrapper than runts initgroups(3)

Reported by: jdreed Owned by:
Priority: normal Milestone: Precise Release
Component: -- Keywords:
Cc: Fixed in version: debathena-reactivate 2.0.38
Upstream bug:

Description

sudo changed its behavior and can no longer be used to run initgroups(3) for us. We should do it ourselves and remove the hack committed in r25256. This is probably mutually exclusive with #462?

Change History

comment:1 Changed 10 years ago by jdreed

We've made no progress on this, and I don't speak C. Is the relevant pseudocode for this something like the following?

getpwnam()
setgid()
setuid()
initgroups()
execve()

comment:2 Changed 10 years ago by jdreed

  • Status changed from new to committed

reactivate 2.0.38/r25671

comment:3 Changed 10 years ago by jdreed

  • Fixed in version set to debathena-reactivate 2.0.38

Tested. Also committed changes to remove /tmp/ticketenv hack. Despite the comments that say this requires pam-afs-session 2.4, that's not actually true. I think this was a bizarre interaction of sudo and schroot, but with our new session wrapper, on Natty, I'm unable to reproduce the error of not having tickets or tokens inside the chroot.

comment:4 Changed 10 years ago by jdreed

  • Status changed from committed to development

comment:5 Changed 10 years ago by jdreed

  • Status changed from development to proposed

comment:6 Changed 10 years ago by jdreed

  • Status changed from proposed to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.