Bug 217748 – su: pam_xauth(su-l:session): fchown: Operation not permitted

Bug 217748 - su: pam_xauth(su-l:session): fchown: Operation not permitted

Summary:	su: pam_xauth(su-l:session): fchown: Operation not permitted

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	pam (Show other bugs)
Sub Component:
Version:	5
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Tomas Mraz
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2006-11-29 13:49 EST by Orion Poplawski
Modified:	2007-11-30 17:11 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-11-29 14:29:23 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Orion Poplawski 2006-11-29 13:49:37 EST

Description of problem:

su will generate this error in /var/log/secure when used in an X environment:

su: pam_xauth(su-l:session): fchown: Operation not permitted

strace shows:

24129 geteuid32()                       = 0
24129 setfsuid32(1006)                  = 0
24129 gettimeofday({1164746295, 904402}, NULL) = 0
24129 open("/home/visitor/.xauthgUmsNS", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE,
0600) = 4
24129 setfsuid32(0)                     = 1006
24129 fchown32(4, 1006, 1009)           = -1 EPERM (Operation not permitted)

code is:

                /* Generate a new file to hold the data. */
                euid = geteuid();
                setfsuid(tpwd->pw_uid);
                fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
                setfsuid(euid);
                if (fd == -1) {
                        pam_syslog(pamh, LOG_ERR,
                                   "error creating temporary file `%s': %m",
                                   xauthority + strlen(XAUTHENV) + 1);
                        retval = PAM_SESSION_ERR;
                        goto cleanup;
                }
                /* Set permissions on the new file and dispose of the
                 * descriptor. */
                if (fchown(fd, tpwd->pw_uid, tpwd->pw_gid) < 0)
                  pam_syslog (pamh, LOG_ERR, "fchown: %m");
                close(fd);

Version-Release number of selected component (if applicable):
pam-0.99.5.0-5.fc5

same code is in development though.

How reproducible:
every time

Steps to Reproduce:
1.  In an X environment, su to a different user

Now, it seems like this code should work, so maybe it is a kernel/libc issue. 
Hard to tell if the second setfsuid() worked or not since:

      On success, the previous value of fsuid is returned.  On error, the  cur-
       rent value of fsuid is returned.

so the return of 1006 is ambiguous since it could be both the previous value
(1006 set above) or the current value (still 1006).

Seen with kernels 2.6.18-1.2849.fc6 and 2.6.18-1.2239.fc5, libc glibc-2.4-11 and
glibc-2.5-3.

Comment 1 Tomas Mraz 2006-11-29 13:58:59 EST

Could it be a SELinux problem? I don't see it on FC6.

What happens when you set SELinux to permissive mode?

Comment 2 Orion Poplawski 2006-11-29 14:06:07 EST

Ah, it's because we use NFS home directories...

Comment 3 Tomas Mraz 2006-11-29 14:29:23 EST

That makes a sense. The error message is harmless then.

Note You need to log in before you can comment on or make changes to this bug.