[opensuse] OpenSUSE 11.0 and man pages
Hi all,
One small issue with openSUSE: if I type "man man" as a user, I get a blank page. If, however, I do the same command as root, I do get the actual man page. This is a freshly installed sysadmin, after some Yast2 update in the community repositories.
I guess there are some permissions issue here. Do we need to set /usr/bin/man as setuid, wouldn't that be dangerous?
Thanks in advance for advice
regards
Emmanuel
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
Emmanuel Briot wrote:
> Hi all,
> One small issue with openSUSE: if I type "man man" as a user, I get a blank page. If, however, I do the same command as root, I do get the actual man page. This is a freshly installed sysadmin, after some Yast2 update in the community repositories.
> I guess there are some permissions issue here. Do we need to set /usr/bin/man as setuid, wouldn't that be dangerous?
Could you run "SuSEconfig" to set permissions? Does that help? It works for me on my updated system,
Andreas
--
Andreas Jaeger, Director Platform / openSUSE, aj@suse.de
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Maxfeldstr. 5, 90409 Nürnberg, Germany
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On Mon, 23 Jun 2008 15:08:56 +0200, Andreas Jaeger wrote:
> Could you run "SuSEconfig" to set permissions? Does that help? It works for me on my updated system,
I just ran that command (with no argument, tell me if I should be specifying anything), but that still doesn't work. Maybe yours is doing an extra step, here is the output of SuSEconfig:
# SuSEconfig
Starting SuSEconfig, the SuSE Configuration Tool...
Running in full featured mode.
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.desktop-file-utils...
Executing /sbin/conf.d/SuSEconfig.fonts...
Creating fonts.{scale,dir} files .......
/etc/fonts/suse-font-dirs.conf unchanged
/etc/fonts/suse-hinting.conf unchanged
/etc/fonts/suse-bitmaps.conf unchanged
Creating cache files for fontconfig ...................................
generating java font setup
Warning: cannot find a sans serif Japanese font. Japanese in Java might not work.
Warning: cannot find a serif Japanese font. Japanese in Java might not work.
Warning: cannot find a sans serif simplified Chinese font. Simplified Chinese in Java might not work.
Warning: cannot find a serif simplified Chinese font. Simplified Chinese in Java might not work.
Warning: cannot find a sans serif traditional Chinese font. Traditional Chinese in Java might not work.
Warning: cannot find a serif traditional Chinese font. Traditional Chinese in Java might not work.
Warning: cannot find a sans serif Korean font. Korean in Java might not work.
Warning: cannot find a serif Korean font. Korean in Java might not work.
writing /usr/lib/jvm/java-1.5.0-sun-1.5.0_update15/jre/lib/fontconfig.SuSE.properties
Executing /sbin/conf.d/SuSEconfig.glib2...
Executing /sbin/conf.d/SuSEconfig.groff...
Executing /sbin/conf.d/SuSEconfig.gtk2...
Executing /sbin/conf.d/SuSEconfig.permissions...
Executing /sbin/conf.d/SuSEconfig.postfix...
Setting up postfix local as MDA...
Setting SPAM protection to "off"...
Executing /sbin/conf.d/SuSEconfig.scpm...
Finished.
regards
Emmanuel
Emmanuel Briot wrote:
> On Mon, 23 Jun 2008 15:08:56 +0200, Andreas Jaeger wrote:
>> Could you run "SuSEconfig" to set permissions? Does that help? It works for me on my updated system,
> I just ran that command (with no argument, tell me if I should be specifying anything), but that still doesn't work. Maybe yours is doing an extra step, here is the output of SuSEconfig:
> # SuSEconfig
> [...]
> Executing /sbin/conf.d/SuSEconfig.permissions...
> [...]
The line above should set permissions correctly - it looks like you should bugreport using bugzilla,
Andreas
> Executing /sbin/conf.d/SuSEconfig.permissions...
> [...]
> The line above should set permissions correctly - it looks like you should bugreport using bugzilla,
Do you know what the permissions should be, I could check on my system first and have a more complete bug report? Is there some verbose option to see what permissions it is modifying?
Emmanuel
The Monday 2008-06-23 at 15:20 +0200, Emmanuel Briot wrote:
>> The line above should set permissions correctly - it looks like you should bugreport using bugzilla,
> Do you know what the permissions should be, I could check on my system first and have a more complete bug report? Is there some verbose option to see what permissions it is modifying?
ls /etc/permissions*
Those are the files. If you do changes, do them in "/etc/permissions.local" only.
Idea: check in Yast that the permission scheme is not set to "paranoid". If you do that, you are on your own, about nothing works. Even "secure" is problematic.
--
Cheers,
Carlos E. R.
The Monday 2008-06-23 at 15:42 +0200, Carlos E. R. wrote:
> Idea: check in Yast that the permission scheme is not set to "paranoid". If you do that, you are on your own, about nothing works. Even "secure" is problematic.
Easy check:
nimrodel:/ # grep PERMISSION_SECURITY /etc/sysconfig/security
PERMISSION_SECURITY="easy local"
You can edit the file directly or use yast. Then run "SuSEconfig".
--
Cheers,
Carlos E. R.
> nimrodel:/ # grep PERMISSION_SECURITY /etc/sysconfig/security
> PERMISSION_SECURITY="easy local"
It was set to just " local" on my setup. I reset it to the above, re-ran SuSEconfig, but "man man" still gives me a blank page as a user (I tried with other commands to make sure the blank page had not been cached).
Thanks for the hints though
I did the following:
chown man /usr/bin/man; chmod +s /usr/bin/man
which seems to have fixed the issue. Could you send me the output of "ls -l /usr/bin/man" on your system, if man works for users?
I'll prepare the bugreport in the meanwhile
regards
Emmanuel
On 06/23/2008 09:56 PM, Emmanuel Briot wrote:
> Thanks for the hints though
> I did the following:
> chown man /usr/bin/man; chmod +s /usr/bin/man
> which seems to have fixed the issue. Could you send me the output of "ls -l /usr/bin/man" on your system, if man works for users?
> I'll prepare the bugreport in the meanwhile
joe@jmorris:~> ls -l /usr/bin/man
-rwsr-xr-x 2 root root 10856 2007-09-22 03:48 /usr/bin/man
This is for 10.3
man man works as a user.
--
Joe Morris
Registered Linux user 231871
running openSUSE 10.3 x86_64
> joe@jmorris:~> ls -l /usr/bin/man
> -rwsr-xr-x 2 root root 10856 2007-09-22 03:48 /usr/bin/man
> This is for 10.3
> man man works as a user.
Thanks. It was also working fine for me in 10.3
I notice 10.3 did have a setuid, even though the user was root, not man. I think the latter is sufficient at least in 11.0, and probably more secure anyway... That will be my recommendation in the bugreport, perhaps as a post-script in the man-2.5.1-12.1.rpm
regards
Emmanuel
The Monday 2008-06-23 at 15:56 +0200, Emmanuel Briot wrote:
> which seems to have fixed the issue. Could you send me the output of "ls -l /usr/bin/man" on your system, if man works for users?
factory (11.0):
-rwxr-xr-x 2 root root 10648 May 31 00:52 /usr/bin/man
10.3:
-rwsr-xr-x 2 root root 5884 Sep 22 2007 /usr/bin/man
I can't test it in factory this week, but a pseudo-test in the factory chroot works.
I don't understand why man needs to be suid? It's only about reading docs, there's nothing privileged about that. Why? There must be a reason somewhere.
> I'll prepare the bugreport in the meanwhile
Funny that this was not detected :-? It shows that the real betatesting occurs after the final. IMO, the RC stage should be longer, give more time to testing.
--
Cheers,
Carlos E. R.
> factory (11.0):
> -rwxr-xr-x 2 root root 10648 May 31 00:52 /usr/bin/man
> 10.3:
> -rwsr-xr-x 2 root root 5884 Sep 22 2007 /usr/bin/man
Same as on my system, and that didn't work for me... I would be interested in your testing when you have time.
> I don't understand why man needs to be suid? It's only about reading docs, there's nothing privileged about that. Why? There must be a reason somewhere.
That's because man pages are pre-processed, and then cached: the file /etc/permissions, pointed to by another poster, contains the following:
/var/cache/man man:root 755
which indicates the location of that cache, and its user/group. Apparently, man needs to be able to write in that directory, or it shows a blank page (at least on my system)
I still wasn't able to submit the issue on bugzilla, because Novell still hasn't sent me the confirmation email for my account. I guess there are too many people downloading openSUSE right now...
Emmanuel
The Monday 2008-06-23 at 17:55 +0200, Emmanuel Briot wrote:
>> factory (11.0):
>> -rwxr-xr-x 2 root root 10648 May 31 00:52 /usr/bin/man
>> 10.3:
>> -rwsr-xr-x 2 root root 5884 Sep 22 2007 /usr/bin/man
> Same as on my system, and that didn't work for me... I would be interested in your testing when you have time.
Me too :-)
>> I don't understand why man needs to be suid? It's only about reading docs, there's nothing privileged about that. Why? There must be a reason somewhere.
> That's because man pages are pre-processed, and then cached: the file /etc/permissions, pointed to by another poster, contains the following:
> /var/cache/man man:root 755
> which indicates the location of that cache, and its user/group. Apparently, man needs to be able to write in that directory, or it shows a blank page (at least on my system)
Makes sense. But then, perhaps, the binary should be suid but owned by 'man', not root.
> I still wasn't able to submit the issue on bugzilla, because Novell still hasn't sent me the confirmation email for my account. I guess there are too many people downloading openSUSE right now...
The Novell bugzilla system is always slow, sometimes almost unusable. Normally it is simply slow.
--
Cheers,
Carlos E. R.
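Added example, not part of the thread: the ownership question discussed above, reduced to a check. Given the owner and octal mode of the man binary and of the cache directory named in /etc/permissions, it reports whether an ordinary user's invocation can write the cache. The function names and verdict strings are invented for this example; it assumes the caller is neither the cache owner nor in its group, and GNU stat for the live-path helper.

```sh
#!/bin/sh
# Added example, not from the thread. Verdict names are made up here.
# Assumes the calling user is neither the cache owner nor in its group.

# cache_verdict BIN_OWNER BIN_MODE CACHE_OWNER CACHE_MODE
# Modes are octal strings as printed by `stat -c %a` (755, 4755, ...).
cache_verdict() {
    bin_owner=$1 bin_mode=$2 cache_owner=$3 cache_mode=$4

    # World-writable cache: any caller can write, setuid is irrelevant.
    if [ $(( 0$cache_mode & 0002 )) -ne 0 ]; then
        echo "ok-world-writable-cache"; return 0
    fi
    # No setuid bit: man keeps the caller's uid and cannot write the cache.
    if [ $(( 0$bin_mode & 04000 )) -eq 0 ]; then
        echo "broken-no-setuid"; return 1
    fi
    # setuid root: euid 0 ignores the directory mode, at the cost of
    # running the whole program with root privileges.
    if [ "$bin_owner" = root ]; then
        echo "ok-setuid-root"; return 0
    fi
    # setuid non-root: the binary's owner must own the cache and hold u+w.
    if [ "$bin_owner" = "$cache_owner" ] &&
       [ $(( 0$cache_mode & 0200 )) -ne 0 ]; then
        echo "ok-setuid-cache-owner"; return 0
    fi
    echo "broken-setuid-wrong-owner"; return 1
}

# audit BIN CACHE_DIR: run the same check on live paths (GNU stat assumed).
audit() {
    bin=$(stat -c '%U %a' "$1") || return 2
    cache=$(stat -c '%U %a' "$2") || return 2
    # Unquoted on purpose: each stat result splits into "owner mode".
    cache_verdict $bin $cache
}

# Listings quoted in the thread, against "/var/cache/man man:root 755":
cache_verdict root 755  man 755 || true   # 11.0: -rwxr-xr-x root root
cache_verdict root 4755 man 755           # 10.3: -rwsr-xr-x root root
cache_verdict man  6755 man 755           # after chown man; chmod +s
```

On a live system, `audit /usr/bin/man /var/cache/man` applies the same logic to the real files.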
participants (4)
- Andreas Jaeger
- Carlos E. R.
- Emmanuel Briot
- Joe Morris