[Bug 535467] New: unscd tries to run as user nobody, fails
http://bugzilla.novell.com/show_bug.cgi?id=535467 Summary: unscd tries to run as user nobody, fails Classification: openSUSE Product: openSUSE 11.2 Version: Milestone 6 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: pbaudis@novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de Found By: --- # nscd -d cannot set groups for user 'nobody': Operation not permitted # + using an unprivileged user by default - switching to that user fails - user nobody must not be used for daemons, create a dedicated user instead -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c1 --- Comment #1 from Ludwig Nussel <lnussel@novell.com> 2009-08-30 04:11:47 MDT --- Really weird: # strace nscd -d 2>&1|grep setgroups setgroups32(3, [65533, 65534, 69]) = -1 EPERM (Operation not permitted) # strace nscd -d 2>&1|grep setgroups setgroups32(3, [65533, 65534, 173]) = -1 EPERM (Operation not permitted) # strace nscd -d 2>&1|grep setgroups setgroups32(3, [65533, 65534, 229]) = -1 EPERM (Operation not permitted) # strace nscd -d 2>&1|grep setgroups setgroups32(3, [65533, 65534, 163]) = -1 EPERM (Operation not permitted) If I compile unscd manually it works just fine. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c2 --- Comment #2 from Ludwig Nussel <lnussel@novell.com> 2009-08-31 02:12:36 MDT --- Created an attachment (id=315923) --> (http://bugzilla.novell.com/attachment.cgi?id=315923) fix -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c3 --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2009-08-31 02:17:20 MDT --- haha, that's a fix for using bogus groups. The reason why it fails is apparmor o_O /etc/apparmor.d/usr.sbin.nscd needs to be moved to the nscd and unscd packages. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User pbaudis@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c4 Petr Baudis <pbaudis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rhafer@novell.com --- Comment #4 from Petr Baudis <pbaudis@novell.com> 2009-09-07 01:23:57 MDT --- *** Bug 536197 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=536197 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User pbaudis@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c5 Petr Baudis <pbaudis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |lnussel@novell.com --- Comment #5 from Petr Baudis <pbaudis@novell.com> 2009-09-07 01:31:58 MDT --- Thanks, setgroups() fix is now included. Which package provides /etc/apparmor.d/usr.sbin.nscd in the first place? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User pbaudis@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c6 Petr Baudis <pbaudis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|lnussel@novell.com | --- Comment #6 from Petr Baudis <pbaudis@novell.com> 2009-09-07 01:58:29 MDT --- (i've found it, working on a move now) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User pbaudis@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c7 Petr Baudis <pbaudis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |lnussel@novell.com --- Comment #7 from Petr Baudis <pbaudis@novell.com> 2009-09-07 11:17:39 MDT --- I don't use AppArmor myself, can you please confirm if the http://download.opensuse.org/repositories/Base:/System/openSUSE_Factory/x86_... fixes your problem? (You'll probably have to force this since the file overwrites the one in apparmor-profile, I have newer version of that package ready for submission too). -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c8 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|lnussel@novell.com | --- Comment #8 from Ludwig Nussel <lnussel@novell.com> 2009-09-14 08:47:51 MDT --- the system is currently not accessible, just go ahead and submit your fixes to factory. I'll complain again if it didn't fix the problem :-) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User pbaudis@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c9 Petr Baudis <pbaudis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #9 from Petr Baudis <pbaudis@novell.com> 2009-09-14 10:33:12 MDT --- Ok, I have created submitreqs for all three packages. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User pbaudis@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c10 Petr Baudis <pbaudis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |petr.m@seznam.cz --- Comment #10 from Petr Baudis <pbaudis@novell.com> 2009-09-18 00:11:08 MDT --- *** Bug 539798 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=539798 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=535467 User pbaudis@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=535467#c11 Petr Baudis <pbaudis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carlos.e.r@opensuse.org --- Comment #11 from Petr Baudis <pbaudis@novell.com> 2009-09-18 02:59:56 MDT --- *** Bug 540072 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=540072 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=535467 https://bugzilla.novell.com/show_bug.cgi?id=535467#c12 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse-beta@cboltz.de --- Comment #12 from Christian Boltz <suse-beta@cboltz.de> 2011-09-16 17:41:53 CEST --- For the records: I moved apparmor profile back to the apparmor-profiles package (and merged in the needed changes, of course - see bug 647718). I'll send SRs for glibc and unscd in some hours. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com