Bug 212329 - "Unable to change GID to 501 temporarily"
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam
x86_64 Linux
medium Severity medium
Assigned To: Tomas Mraz
Reported: 2006-10-26 06:55 EDT by Tim Waugh
Modified: 2007-11-30 17:07 EST (History)
Fixed In Version: beta2
Last Closed: 2006-12-22 20:43:20 EST
Description Tim Waugh 2006-10-26 06:55:58 EDT
Description of problem:
I get lots of messages like this in /var/log/secure:

Oct 25 11:30:18 cyberelk su: pam_keyinit(su-l:session): Unable to change GID to 501 temporarily

Is this likely to be a pam_keyinit problem or a coreutils problem?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. As root, 'su - someuser'
2. Exit from that sub-shell.
Comment 1 Tomas Mraz 2006-10-26 08:59:46 EDT
Bug in pam_keyinit. In kill_keyrings() it sets effective uid instead of the real

David, IMO real uid is important for kernel keyrings or am I wrong?
Comment 2 Tomas Mraz 2006-10-26 09:00:31 EDT
This should be fixed for RHEL5 final.
Comment 3 Tomas Mraz 2006-10-26 10:04:14 EDT
Ah, so my comment #1 was wrong, as revoking the keyrings must be done with
effective uid set to user id. So we must switch the order of the setreuid and
setregid calls.
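
The ordering point from Comment 3, as an added example that is not pam_keyinit's code: on Linux, a root process that lowers its effective UID first no longer has the privilege to call setregid() for an arbitrary group, so the GID has to change first and be restored last. The helper names and the default UID 501 are assumptions (the log line only gives GID 501).

```c
/* Added example: hypothetical helpers, not taken from pam_keyinit. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct saved_ids { uid_t euid; gid_t egid; };

/* Temporarily take on uid/gid as effective IDs. The GID is changed first:
 * once the effective UID is non-root, setregid() to a group the process
 * does not already hold fails with EPERM. */
int assume_ids(uid_t uid, gid_t gid, struct saved_ids *old)
{
    old->euid = geteuid();
    old->egid = getegid();
    if (gid != old->egid && setregid((gid_t)-1, gid) < 0)
        return -1;
    if (uid != old->euid && setreuid((uid_t)-1, uid) < 0) {
        int e = errno;
        int rc = setregid((gid_t)-1, old->egid); /* undo the group change */
        (void)rc;
        errno = e;
        return -1;
    }
    return 0;
}

/* Restore in the opposite order: regain the UID first, then the GID. */
int restore_ids(const struct saved_ids *old)
{
    if (geteuid() != old->euid && setreuid((uid_t)-1, old->euid) < 0)
        return -1;
    if (getegid() != old->egid && setregid((gid_t)-1, old->egid) < 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed defaults: 501 is the GID in the log line; the UID is assumed. */
    uid_t uid = argc > 1 ? (uid_t)atoi(argv[1]) : 501;
    gid_t gid = argc > 2 ? (gid_t)atoi(argv[2]) : 501;
    struct saved_ids old;
    if (assume_ids(uid, gid, &old) < 0) { perror("assume_ids"); return 1; }
    printf("euid=%d egid=%d\n", (int)geteuid(), (int)getegid());
    if (restore_ids(&old) < 0) { perror("restore_ids"); return 1; }
    return 0;
}
```

Run as root, the program switches to 501:501 and back without error; swapping the two calls in assume_ids() makes the setregid() step fail, which is the condition the log message reports.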
Comment 4 RHEL Product and Program Management 2006-10-26 14:55:07 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
Comment 6 Tomas Mraz 2006-11-15 08:54:13 EST
Fixed in pam-
Comment 7 RHEL Product and Program Management 2006-12-22 20:43:20 EST
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.
