| Summary: | ksu -e is giving execv errors | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Josip Vilicic <jvilicic> |
| Component: | krb5 | Assignee: | Robbie Harwood <rharwood> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.8 | CC: | andrew.kiebach, dpal, jplans, jvilicic, nalin, pkis |
| Target Milestone: | rc | Flags: | rharwood:
needinfo?
(jvilicic) |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-03-23 23:26:57 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
My apologies, I didn't provide the rest of the documentation where we tried without quotes: [user@houlenv0 ~]$ ksu root -e ls /root Authenticated user Account root: authorization for user for execution of ls successful Changing uid to root (0) ksu: Permission denied while trying to execv ls And then with single quotes just in case: [user@houlenv0 ~]$ ksu root -e 'ls /root' Authenticated user Account root: authorization for user for execution of ls /root successful Changing uid to root (0) ksu: Permission denied while trying to execv ls /root BUT specifying the full path of the command does work: [user@houlenv0 ~]$ ksu -e /bin/ls /root Authenticated USER Account root: authorization for USER for execution of /bin/ls successful Changing uid to root (0) anaconda-ks.cfg So from "man ksu": -e command [args ...] ksu proceeds exactly the same as if it was invoked without the -e option, except instead of executing the target shell, ksu executes the specified command. Example of usage: ksu bob -e ls -lag ... The commands listed after the principal name must be either a full path names or just the program name. In the second case, CMD_PATH specifying the location of authorized programs must be defined at the compilation time of ksu. Which command gets exe‐ cuted? We will check their CMD_PATH.