Hide Forgot
Description of problem: Under some conditions, tar reports a "write error" message. Version-Release number of selected component (if applicable): tar-1.23-14.el6.x86_64 (latest) tar-1.23-7.el6.x86_64 (fixed a similar problem) How reproducible: always Steps to Reproduce: 1. user2 has tcsh or ksh as a login shell 2. log on server as user1 (console, ssh) 3. execute "su - user2" command 4. tar czf file.tgz /etc/{passwd,group} 5. tar tzf file.tgz | head -1 Actual results: etc/passwd tar: write error Expected results: etc/passwd Additional info: - reproduced in ksh and tcsh, local user, tar/gtar, gnu/posix type of archive - not reproduced in bash, but bash might be affected as well - not reproduced without gzip - not reproduced when steps are not exactly the same: login as a non-root user first is required Similar problem was solved in this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=807728
I'm not able to reproduce this in tcsh/ksh. Zdeňek, have you been able to reproduce this?
Pavel, I reproduced it on my vm the same way as the customer. All the steps described are necessary.
Not reproducible for me, though: Last login: Wed Apr 20 14:35:06 2016 from 192.168.122.1 [tcshuser@localhost ~]$ ps PID TTY TIME CMD 4408 pts/0 00:00:00 csh 4417 pts/0 00:00:00 ps [tcshuser@localhost ~]$ su - kshuser Password: $ tar czf file.tgz /etc/{passwd,group} tar: Removing leading `/' from member names $ tar tzf file.tgz | head -1 etc/passwd $ tar tzf file.tgz | : $ ps PID TTY TIME CMD 4422 pts/0 00:00:00 ksh 4438 pts/0 00:00:00 ps $ rpm -q tar tcsh ksh bash tar-1.23-13.el6.x86_64 tcsh-6.17-25.el6_6.x86_64 ksh-20120801-28.el6_7.3.x86_64 bash-4.1.2-33.el6_7.1.x86_64
Here, reproduced again: $ ssh user1@rhel6 Last login: Wed Apr 20 15:01:06 2016 from 192.168.122.1 [user1@user1-rhel67 ~]$ ps PID TTY TIME CMD 23948 pts/1 00:00:00 bash 23985 pts/1 00:00:00 ps $ su - kuser2 Password: $ tar czf file.tgz /etc/{passwd,group} tar: Removing leading `/' from member names $ tar tzf file.tgz | head -1 etc/passwd tar: write error $ tar tzf file.tgz | : tar: write error $ ps PID TTY TIME CMD 23995 pts/1 00:00:00 ksh 24019 pts/1 00:00:00 ps $ rpm -q tar tcsh ksh bash tar-1.23-13.el6.x86_64 tcsh-6.17-25.el6_6.x86_64 ksh-20120801-28.el6_7.3.x86_64 bash-4.1.2-33.el6_7.1.x86_64 RHEL 6, all packages updated. What else can I do now?
Thanks, the issue is that PAM (called from 'su' binary) for some reason SIG_IGN'ores SIGPIPE while switching from ksh user (user1) to tcsh user (user2). Tar is then started in environment where SIGPIPE is blocked and thus it is not terminated automatically by that signal -- that is why (even though the SIGPIPE came) tar tries to write to 'stdout' and ends with this error message. I'm not sure the SIGPIPE should be ignored before subsequent process is started, so switching ot pam.
What are the PAM modules configured for su? I.E. what is the contents of /etc/pam.d/su /etc/pam.d/su-l /etc/pam.d/system-auth? I do not see any manipulation of SIGPIPE handler in PAM library and the modules that are part of the main pam package.
The content is RHEL6 default: cat /etc/pam.d/su-l #%PAM-1.0 auth include su account include su password include su session optional pam_keyinit.so force revoke session include su $ cat /etc/pam.d/su #%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required pam_wheel.so use_uid auth include system-auth account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session optional pam_xauth.so
Created attachment 1150323 [details] Ltrace log Ltrace log obtained like: $ ltrace -f -p 12371 -S (the first pid traced is the ksh login shell of user1)
/etc/pam.d/system-auth contents: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so
This is most probably caused by the pam_fprintd.so. The sigaction from the ltrace above is missing reinstating of the original sigaction value.