polkit-0.112-7.fc21.x86_64 Trying to execute "pkexec usermod ..." as a user in the wheel group fails, while other programs from /usr/sbin work as expected: [admin@f21 ~]$ echo $PATH /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/admin/.local/bin:/home/admin/bin [admin@f21 ~]$ pkexec usermod --help Cannot run program usermod: No such file or directory [admin@f21 ~]$ pkexec lvs ==== AUTHENTICATING FOR org.freedesktop.policykit.exec === Authentication is needed to run `/usr/sbin/lvs' as the super user Authenticating as: Administrator (admin) Password: ==== AUTHENTICATION COMPLETE === LV VG Attr LSize [...] The reason seems to be that /usr/sbin/usermod is not world-executable.
Created attachment 941076 [details] Reproducer
Thanks for your report. As a workaround for now, you can use (pkexec /usr/sbin/usermod …). The underlying issue is a bug in g_find_program_in_path(). It is documented as “Locates the first executable named @program in the user's path, in the same way that execvp() would locate it.”, but is actually inconsistent with execvp(). execvp(3p) refers to the documentation of PATH at http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08 , which says “… until an executable file with the specified name and appropriate execution permissions is found”, but g_find_program_in_path() is implemented using g_file_test(), which is using the _real_ UID/GID instead of the _effective_ UID/GID. To reproduce: > $ gcc -O2 -Wall -Wextra $(pkg-config --cflags --libs glib-2.0) foo.c -o foo (as root) > # chown root foo > # chmod u+s foo (as unprivileged user) > $ LC_ALL=en_US.UTF-8 ./foo usermod > g_find_program_in_path(): (not found) > Usage: usermod [options] LOGIN … shows that g_find_program_in_path() returns NULL but execlp() can find it fine.
Filed upstream: https://bugzilla.gnome.org/show_bug.cgi?id=740155