Bug 217748 - su: pam_xauth(su-l:session): fchown: Operation not permitted
Summary: su: pam_xauth(su-l:session): fchown: Operation not permitted
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
(Show other bugs)
Version: 5
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-11-29 18:49 UTC by Orion Poplawski
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-29 19:29:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Orion Poplawski 2006-11-29 18:49:37 UTC 
Description of problem:

su will generate this error in /var/log/secure when used in an X environment:

su: pam_xauth(su-l:session): fchown: Operation not permitted

strace shows:

24129 geteuid32()                       = 0
24129 setfsuid32(1006)                  = 0
24129 gettimeofday({1164746295, 904402}, NULL) = 0
24129 open("/home/visitor/.xauthgUmsNS", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE,
0600) = 4
24129 setfsuid32(0)                     = 1006
24129 fchown32(4, 1006, 1009)           = -1 EPERM (Operation not permitted)

code is:

                /* Generate a new file to hold the data. */
                euid = geteuid();
                setfsuid(tpwd->pw_uid);
                fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
                setfsuid(euid);
                if (fd == -1) {
                        pam_syslog(pamh, LOG_ERR,
                                   "error creating temporary file `%s': %m",
                                   xauthority + strlen(XAUTHENV) + 1);
                        retval = PAM_SESSION_ERR;
                        goto cleanup;
                }
                /* Set permissions on the new file and dispose of the
                 * descriptor. */
                if (fchown(fd, tpwd->pw_uid, tpwd->pw_gid) < 0)
                  pam_syslog (pamh, LOG_ERR, "fchown: %m");
                close(fd);

Version-Release number of selected component (if applicable):
pam-0.99.5.0-5.fc5

same code is in development though.

How reproducible:
every time

Steps to Reproduce:
1.  In an X environment, su to a different user

Now, it seems like this code should work, so maybe it is a kernel/libc issue. 
Hard to tell if the second setfsuid() worked or not since:

      On success, the previous value of fsuid is returned.  On error, the  cur-
       rent value of fsuid is returned.

so the return of 1006 is ambiguous since it could be both the previous value
(1006 set above) or the current value (still 1006).

Seen with kernels 2.6.18-1.2849.fc6 and 2.6.18-1.2239.fc5, libc glibc-2.4-11 and
glibc-2.5-3.
Comment 1 Tomas Mraz 2006-11-29 18:58:59 UTC 
Could it be a SELinux problem? I don't see it on FC6.

What happens when you set SELinux to permissive mode?
Comment 2 Orion Poplawski 2006-11-29 19:06:07 UTC 
Ah, it's because we use NFS home directories...
Comment 3 Tomas Mraz 2006-11-29 19:29:23 UTC 
That makes a sense. The error message is harmless then.
Note You need to log in before you can comment on or make changes to this bug.