Bug 564093 - RFE: allow daemon() in /etc/init.d/functions to pass -m to /sbin/runuser
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: initscripts
Version: 5.4
Hardware: All
OS: Linux
medium
high
Target Milestone: rc
Assignee: initscripts Maintenance Team
QA Contact: qe-baseos-daemons
Depends On: 203010
Blocks: 564105 567362 600484
Reported: 2010-02-11 20:17 UTC by Ken Giusti
Modified: 2018-11-27 20:41 UTC (History)

Fixed In Version: initscripts-8.45.32-1.el5
Doc Type: Enhancement
Clone Of: 203010
: 564105 (view as bug list)
Last Closed: 2011-01-13 23:05:53 UTC




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0075 0 normal SHIPPED_LIVE initscripts bug fix update 2011-01-12 17:22:01 UTC

Description Ken Giusti 2010-02-11 20:17:52 UTC
+++ This bug was initially created as a clone of Bug #203010 +++

Description of problem:
When running the daemon() function from an initscript and using the "--user" 
option, daemon will run "/sbin/runuser" to execute. This command clears the 
environment by default unless the -m or -p arguments are given. This can create 
a problem because some initscripts set environment variables for their 
programs' use.


Version-Release number of selected component (if applicable):
FC5+

How reproducible:
Always.

Steps to Reproduce:
1. Export a variable in an initscript which sources /etc/init.d/functions
2. Call a program using the "daemon --user BLAH program" syntax
  
Actual results:
The variable you exported will not be present in the program's environment.

Expected results:
That the variable would be available, yo, regardless of the fact that we're 
switching users.

--- Additional comment from cleaver.edu on 2006-08-17 15:26:02 EDT ---

*** Bug 203011 has been marked as a duplicate of this bug. ***

--- Additional comment from cleaver.edu on 2006-08-17 15:38:12 EDT ---

This is identical to Bug 123032, which was closed.

--- Additional comment from jonstanley on 2008-04-23 16:28:50 EDT ---

Adding FutureFeature keyword to RFEs.

--- Additional comment from cleaver.edu on 2009-03-24 18:05:56 EDT ---

Any thoughts on this bug/feature? Given the lack of documentation, it seems like a simple declaration that daemon() no longer clears the environment would be sufficient; then add '-m' to the relevant line.


if [ -z "$user" ]; then
     $nice /bin/bash -c "$corelimit >/dev/null 2>&1 ; $*"
else
     $nice runuser -s /bin/bash - $user -c "$corelimit >/dev/null 2>&1 ; $*"
fi

Comment 1 Ken Giusti 2010-02-11 20:23:42 UTC
This bug affects MRG qpidd for those customers using Kerberos.

The KRB5_KTNAME environment variable is used to tell the sasl component of qpidd where the kerb keytab file can be found.

Setting the env var in the /etc/sysconfig/qpidd file will not work, since daemon() clears the environment before starting qpidd.

A workaround is to set permissions on the default keytab file /etc/krb5.keytab so qpidd can read it - which is a security issue.

It would be great if the daemon() function in /etc/init.d/functions would allow a parameter that would cause runuser to preserve the environment.

thanks,

-K

Comment 3 Bill Nottingham 2010-04-09 19:58:37 UTC
Note: this commit does not actually do what is required.

http://git.fedorahosted.org/git/?p=initscripts.git;a=commitdiff;h=a3d105dfafd6198c1457e87550e1b46945dd882d

is more correct. Currently being tested in Fedora for side effects.

Comment 8 Bill Nottingham 2010-11-04 04:09:28 UTC
See https://bugzilla.redhat.com/show_bug.cgi?id=564105#c19 - you may need to export your variables?

Comment 11 errata-xmlrpc 2011-01-13 23:05:53 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0075.html

Comment 12 Bill Nottingham 2012-01-17 16:31:24 UTC
*** Bug 782139 has been marked as a duplicate of this bug. ***

Comment 13 Jason Bradley Nance 2012-01-17 20:25:32 UTC
Please re-open this bug.  It is not fixed in RHEL 5.7 nor 6.2.  Neither the -m nor -p options for runuser are anywhere in the daemon() function.

Regression?

Comment 14 Bill Nottingham 2012-01-17 20:52:51 UTC
The fix was to drop the '-' from the line, which was making bash a login shell, which was what was the actual difference causing the environment shift (in testing). Is the fixed version not working for you?

Comment 15 Jason Bradley Nance 2012-01-17 21:13:27 UTC
No, it doesn't work for me.  I'm still ending up with a "fresh" environment with the variables I exported (actually exported, not just set) in my script disappearing.  If I run "env" right before calling daemon() I can see the variables with the values I expect.  I assumed that runuser was clearing out the env before executing the command (purely based on the documentation of the -m/-p flags).

If I add -m/-p to runuser it works fine.  In this particular instance, I'm using daemon() to start up httpd as a non-root user.

What info can I provide to help?

Comment 16 Bill Nottingham 2012-01-17 22:43:05 UTC
Will comment in bug 782139.
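
The check Comment 15 does by hand with "env", as an added example that is not part of this thread or of initscripts: read /proc/<pid>/environ of the started process to see whether a variable such as KRB5_KTNAME actually reached it. The sleep stand-in daemon, the keytab path and the function names are constructed for illustration; "env -i" stands in for an environment reset, and runuser itself is not invoked.

```shell
#!/bin/sh
# Added example, Linux only: check which environment a started process
# actually received by reading /proc/<pid>/environ.

# proc_has_var PID NAME: succeed if NAME is in the process's initial environment.
proc_has_var() {
    [ -r "/proc/$1/environ" ] || return 1
    # environ is NUL-separated; split into lines and match "NAME=" at line start.
    tr '\0' '\n' < "/proc/$1/environ" | grep -q "^$2="
}

# wait_for_exec PID NAME: poll until the child has exec'd NAME. Until then
# /proc/PID/environ still shows the forking shell's own startup environment.
wait_for_exec() {
    tries=0
    while [ "$tries" -lt 50 ]; do
        [ "$(cat "/proc/$1/comm" 2>/dev/null)" = "$2" ] && return 0
        sleep 0.1
        tries=$((tries + 1))
    done
    return 1
}

# check_started MODE: start a stand-in daemon (sleep) and print whether
# KRB5_KTNAME reached it. "reset" mimics a start that rebuilds the environment;
# "keep" mimics a start that preserves the caller's exported variables.
check_started() {
    KRB5_KTNAME=/etc/qpidd/example.keytab   # constructed sample value
    export KRB5_KTNAME
    case "$1" in
        reset) env -i PATH=/bin:/usr/bin sleep 30 >/dev/null 2>&1 & ;;
        keep)  sleep 30 >/dev/null 2>&1 & ;;
        *)     echo "usage: check_started reset|keep" >&2; return 2 ;;
    esac
    pid=$!
    if ! wait_for_exec "$pid" sleep; then
        kill "$pid" 2>/dev/null || true
        echo unknown; return 1
    fi
    if proc_has_var "$pid" KRB5_KTNAME; then result=present; else result=missing; fi
    kill "$pid" 2>/dev/null || true
    echo "$result"
}

echo "environment reset: KRB5_KTNAME $(check_started reset)"
echo "environment kept:  KRB5_KTNAME $(check_started keep)"
```

/proc/<pid>/environ is readable only by the process owner and root, and it shows the environment as it was at exec time, not changes the process made later.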

