Bug 217748

Summary: su: pam_xauth(su-l:session): fchown: Operation not permitted
Product: Fedora
Component: pam
Reporter: Orion Poplawski <orion>
Assignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: 5
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-11-29 19:29:23 UTC

Description Orion Poplawski 2006-11-29 18:49:37 UTC
Description of problem:

su will generate this error in /var/log/secure when used in an X environment:

su: pam_xauth(su-l:session): fchown: Operation not permitted

strace shows:

24129 geteuid32()                       = 0
24129 setfsuid32(1006)                  = 0
24129 gettimeofday({1164746295, 904402}, NULL) = 0
24129 open("/home/visitor/.xauthgUmsNS", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 4
24129 setfsuid32(0)                     = 1006
24129 fchown32(4, 1006, 1009)           = -1 EPERM (Operation not permitted)

code is:

        /* Generate a new file to hold the data. */
        euid = geteuid();
        /* Create the file with the target user's file-system uid so that it
         * is owned by that user; then switch the fs uid back to root. */
        setfsuid(tpwd->pw_uid);
        fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
        setfsuid(euid);
        if (fd == -1) {
                pam_syslog(pamh, LOG_ERR,
                           "error creating temporary file `%s': %m",
                           xauthority + strlen(XAUTHENV) + 1);
                retval = PAM_SESSION_ERR;
                goto cleanup;
        }
        /* Set permissions on the new file and dispose of the
         * descriptor.  This fchown() runs with fs uid 0 again, which is
         * where the strace above shows the EPERM. */
        if (fchown(fd, tpwd->pw_uid, tpwd->pw_gid) < 0)
                pam_syslog (pamh, LOG_ERR, "fchown: %m");
        close(fd);

Version-Release number of selected component (if applicable):
pam-0.99.5.0-5.fc5

same code is in development though.

How reproducible:
every time

Steps to Reproduce:
1.  In an X environment, su to a different user

Now, it seems like this code should work, so maybe it is a kernel/libc issue.
Hard to tell if the second setfsuid() worked or not since:

      On success, the previous value of fsuid is returned.  On error, the
      current value of fsuid is returned.

so the return of 1006 is ambiguous since it could be either the previous value
(1006 set above) or the current value (still 1006).

Seen with kernels 2.6.18-1.2849.fc6 and 2.6.18-1.2239.fc5, libc glibc-2.4-11 and
glibc-2.5-3.

Comment 1 Tomas Mraz 2006-11-29 18:58:59 UTC
Could it be a SELinux problem? I don't see it on FC6.

What happens when you set SELinux to permissive mode?


Comment 2 Orion Poplawski 2006-11-29 19:06:07 UTC
Ah, it's because we use NFS home directories...

Comment 3 Tomas Mraz 2006-11-29 19:29:23 UTC
That makes sense. The error message is harmless then.
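The two points raised in this thread, the ambiguous setfsuid() return value in the description and the NFS home directory explanation in comments 2 and 3, can be shown together in a small program. The following is an added example written for this page; it is not pam_xauth's code and not a proposed patch. It uses the idiom from the setfsuid(2) man page (call setfsuid() a second time and compare the result) to tell a failed switch from a successful one, and it does the ownership fix-up while the file-system identity is still the target user's, before switching back to root. The EPERM in the report comes from the NFS server's default root_squash mapping: once the fs uid is 0 again, the client's chown arrives at the server as "nobody", which may not change the ownership of a file in the user's home directory. The function names create_owned_tempfile(), setfsuid_checked() and fd_owned_by() and the /tmp template are assumptions of this example.

```c
/* Added example (not pam_xauth's code): create a per-user temporary file
 * while running as root, checking each setfsuid()/setfsgid() call, and
 * fixing ownership *before* reverting to root so that an NFS root_squash
 * export cannot reject the chown with EPERM. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/fsuid.h>
#include <sys/stat.h>
#include <sys/types.h>

/* setfsuid() returns the previous fsuid on success and the current fsuid on
 * failure, so a single call cannot distinguish "changed" from "unchanged".
 * Calling it a second time with the same argument removes the ambiguity:
 * the second return value is the fsuid now in effect. */
static int setfsuid_checked(uid_t uid)
{
    setfsuid(uid);
    return ((uid_t)setfsuid(uid) == uid) ? 0 : -1;
}

/* Same idiom for the file-system gid. */
static int setfsgid_checked(gid_t gid)
{
    setfsgid(gid);
    return ((gid_t)setfsgid(gid) == gid) ? 0 : -1;
}

/* Create a 0600 temporary file from the mkstemp() template in 'path' (must
 * end in "XXXXXX"; modified in place) owned by uid:gid.  Any ownership
 * fix-up happens while the fs identity is still the target user's, so a
 * root-squashing NFS server sees an ordinary user chowning its own file.
 * Returns an open descriptor, or -1 with errno set. */
static int create_owned_tempfile(char *path, uid_t uid, gid_t gid)
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    struct stat st;
    int fd = -1, saved_errno = 0;

    /* gid first: changing fsgid needs CAP_SETGID, which survives the fsuid
     * switch, but keeping this order avoids relying on that. */
    if (setfsgid_checked(gid) < 0 || setfsuid_checked(uid) < 0) {
        saved_errno = EPERM;
        goto restore;
    }
    fd = mkstemp(path);                     /* created as uid:gid, mode 0600 */
    if (fd < 0) {
        saved_errno = errno;
        goto restore;
    }
    /* On a setgid directory the group may differ from fsgid; fix it now, as
     * the user (fsgid == gid, so the chown is permitted), not later as root. */
    if (fstat(fd, &st) < 0 ||
        ((st.st_uid != uid || st.st_gid != gid) && fchown(fd, uid, gid) < 0)) {
        saved_errno = errno;
        close(fd);
        unlink(path);
        fd = -1;
    }
restore:
    /* Returning to our own identity is always permitted; abort if it fails. */
    if (setfsuid_checked(saved_uid) < 0 || setfsgid_checked(saved_gid) < 0)
        abort();
    if (fd < 0)
        errno = saved_errno;
    return fd;
}

/* Report whether an open descriptor is owned by uid:gid. */
static int fd_owned_by(int fd, uid_t uid, gid_t gid)
{
    struct stat st;
    return fstat(fd, &st) == 0 && st.st_uid == uid && st.st_gid == gid;
}

int main(void)
{
    char path[] = "/tmp/.xauthXXXXXX";      /* constructed template */
    int fd = create_owned_tempfile(path, getuid(), getgid());
    if (fd < 0) {
        perror("create_owned_tempfile");
        return 1;
    }
    printf("%s owned by %s\n", path,
           fd_owned_by(fd, getuid(), getgid()) ? "caller" : "someone else");
    close(fd);
    unlink(path);
    return 0;
}
```

Run as an unprivileged user the program simply creates a file owned by the caller; run as root with a real uid/gid pair it exercises the fsuid switch. Note that the double-call check is what the strace in the report could not provide: a return value equal to the argument on the second call means the switch is in effect, regardless of what the first call returned.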