Bug 625228
| Summary: | gdm does not honor CheckDirOwner | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Jeff Bastian <jbastian> | ||||||
| Component: | gdm | Assignee: | Ray Strode [halfline] <rstrode> | ||||||
| Status: | CLOSED WONTFIX | QA Contact: | desktop-bugs <desktop-bugs> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 5.5 | CC: | cww, tao | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2011-10-18 14:08:28 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 439527 [details]
patch for CheckDirOwner
This patch will check the CheckDirOwner status when looking at the owner of files in addition to the home directory. The warnings do not appear when using this patch.
Maybe a CheckFileOwner option should be added instead?
Comment on attachment 439527 [details] patch for CheckDirOwner >diff --git a/daemon/filecheck.c b/daemon/filecheck.c >index 5cf6006..8785f85 100644 >--- a/daemon/filecheck.c >+++ b/daemon/filecheck.c >@@ -110,8 +110,11 @@ gdm_file_check (const gchar *caller, uid_t user, const gchar *dir, > return FALSE; > } > >- /* ... owned by the user ... */ >- if G_UNLIKELY (statbuf.st_uid != user) { >+ /* ... owned by the user ... >+ If the directory is not owned by the user, it's likely the files are >+ not owned by the user either, so suppress the checks on file >+ ownership too if CheckDirEnabled is false. */ >+ if G_UNLIKELY (gdm_get_value_bool (GDM_KEY_CHECK_DIR_OWNER) && (statbuf.st_uid != user)) { > syslog (LOG_WARNING, _("%s: %s is not owned by uid %d."), caller, fullpath, user); > g_free (fullpath); > return FALSE; I modified the patch slightly in comment 3 by adding the "if CheckDirEnabled is false" statement to the comments. Created attachment 439529 [details]
patch for CheckDirOwner
Argh, that should be CheckDirOwner, not CheckDirEnabled.
Here's a whole new patch to avoid confusion.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. |
Description of problem: If multiple users share a home directory, and CheckDirOwner is disabled in /etc/gdm/custom.conf, gdm still prints a warning message when a user who is not the owner of the home directory logs in. User's $HOME/.dmrc file is being ignored. This prevents the default session and language from being saved. File should be owned by user and have 644 permissions. User's $HOME directory must be owned by user and not writable by other users. It also leaves an entry in /var/log/messages: Aug 18 16:49:27 localhost gdm[2942]: gdm_slave_session_start: /home/shared1/.dmrc is not owned by uid 502. Version-Release number of selected component (if applicable): gdm-2.16.0-56.el5 How reproducible: every time Steps to Reproduce: 1. Create two new users and set the home directory of the second user to that of the first. useradd shared1 echo password | passwd --stdin shared1 useradd -d /home/shared1 shared2 echo password | passwd --stdin shared2 2. Modify /etc/gdm/custom.conf and restart gdm. vim /etc/gdm/custom.conf [security] CheckDirOwner=false <--- insert this line RelaxPermissions=2 <--- insert this line gdm-restart 3. Login as shared1 user at the gdm screen to create the initial Gnome directories and configuration files. 4. Modify the permissions of .dmrc, .gnome2 and other directories. chmod 777 /home/shared1 chmod a+r /home/shared1/.dmrc chmod a+rw /home/shared1/.ICEauthority find /home/shared1/{.gconf*,.gnome*,.metacity,.Trash} \ -type d | xargs chmod a+rwx find /home/shared1/{.gconf*,.gnome*,.metacity,.Trash} \ -type f | xargs chmod a+rw 5. Logout from shared1, then login as shared2. Actual results: A warning message is displayed and an error is left in /var/log/messages; see above for text of both. Expected results: No warnings displayed or left in logs. Additional info: