Bug 66862 - su can't chdir to homedir when user only has group access
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sh-utils
Version: 7.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact: Ben Levenson
Reported: 2002-06-17 20:18 UTC by Ben Woodard
Modified: 2007-04-18 16:43 UTC (History)
Last Closed: 2006-08-04 20:07:08 UTC

Attachments
patch that fixes this problem (19.73 KB, patch)
2002-06-17 20:19 UTC, Ben Woodard
no really this is the patch. (243 bytes, patch)
2002-06-17 20:23 UTC, Ben Woodard
Here is a patch which applies on top of the previous one and which should fix the problem with secondary groups. (373 bytes, patch)
2002-06-19 14:21 UTC, Ben Woodard

Description Ben Woodard 2002-06-17 20:18:39 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606

Description of problem:
If you have a situation where only membership of a group allows permission to
the parent of a user's homedir and you try to su to that user you get the warning:

su: warning: cannot change directory to /home/test1: Permission denied

and consequently the user's initialization scripts such as ~/.bashrc don't run
properly.

This problem was noticed in 7.1 but it continues to be evident in 7.3

The problem is that before the chdir to the user's homedir su calls setfsuid but
it doesn't call setfsgid. Therefore if the only access the new user has to the
directory is through its group then the following chdir will fail.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. adduser test1
2. chmod 750 /home
3. chgrp test1 /home
4. chmod 700 /home/test1
5. su - test1
	

Actual Results:
[root@xenophanes root]# su - test1
su: warning: cannot change directory to /home/test1: Permission denied

(And the .bashrc and other scripts don't run properly unless you put a cd as
their first line)

Expected Results:  it works 

Additional info:

This problem does not exist in the normal version of su. It was something that RH
introduced with the sh-utils-2.0.11-pam.patch patch.

Comment 1 Ben Woodard 2002-06-17 20:19:59 UTC
Created attachment 61304 [details]
patch that fixes this problem

Comment 2 Ben Woodard 2002-06-17 20:22:26 UTC
This may appear on the surface to be a very small issue but it has caused a lot
of problems here and an errata would be appreciated.



Comment 3 Ben Woodard 2002-06-17 20:23:41 UTC
Created attachment 61305 [details]
no really this is the patch.

Comment 4 David Sainty 2002-06-19 12:12:33 UTC
Created -14.1gid pkg which fixes this problem.  Verified to work correctly.


Comment 5 Bernhard Rosenkraenzer 2002-06-19 12:26:58 UTC
Fixed in 2.0.11-16

Comment 6 Ben Woodard 2002-06-19 14:17:10 UTC
Additional testing regarding this problem here at LLNL has shown that the
solution that I proposed is inadequate due to the fact that it doesn't take into
account secondary as opposed to primary groups. I was considering suggesting
removing the whole conditional compilation of that section of code and reverting
the code to the way that it was in the pristine version of the source where it
calls change_identity() before it changes directories. However, I was not sure
if there was some subtle security reason for using the setfs[sg]id functions
here as opposed to actually going ahead and changing the credentials. I posted
this query to tech but have not received a response as of yet.

Comment 7 Ben Woodard 2002-06-19 14:21:00 UTC
Created attachment 61585 [details]
Here is a patch which applies on top of the previous one and which should fix the problem with secondary groups.
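
Added example, not part of the original report or of the attached patches: a simplified C model of the owner/group/other search check that chdir depends on, applied to the directory modes from the steps to reproduce. It compares three credential states: fsuid only (the behaviour in the description), fsuid plus fsgid, and fsuid plus fsgid plus supplementary groups (the secondary-group case from comment 6). The uid/gid numbers, the secondary group and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified model of the credentials checked on filesystem access. It assumes
 * no CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH: Linux clears both from the
 * effective set when fsuid changes from 0 to a nonzero value. */
struct fs_cred { uid_t fsuid; gid_t fsgid; const gid_t *groups; size_t ngroups; };
struct dir_meta { uid_t uid; gid_t gid; mode_t mode; };

static bool in_groups(const struct fs_cred *c, gid_t gid) {
    if (c->fsgid == gid) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return true;
    return false;
}

/* Search (x) permission: the first matching class decides, with no fallthrough. */
bool may_search(const struct fs_cred *c, const struct dir_meta *d) {
    if (c->fsuid == d->uid) return (d->mode & 0100) != 0;
    if (in_groups(c, d->gid)) return (d->mode & 0010) != 0;
    return (d->mode & 0001) != 0;
}

/* chdir() needs search permission on every directory along the path. */
bool may_chdir(const struct fs_cred *c, const struct dir_meta *path, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!may_search(c, &path[i])) return false;
    return true;
}

/* Constructed ids; "/" is assumed world-searchable and left out of the paths. */
enum { ROOT = 0, TEST1_UID = 500, TEST1_GID = 500, STAFF_GID = 600 };
static const gid_t root_groups[] = { ROOT };
static const gid_t test1_groups[] = { STAFF_GID };
/* /home (root:test1 0750) and /home/test1 (0700), as in the steps to reproduce */
static const struct dir_meta primary_path[] = {{ROOT, TEST1_GID, 0750}, {TEST1_UID, TEST1_GID, 0700}};
/* Variant: /home is group-owned by a secondary group of test1 */
static const struct dir_meta secondary_path[] = {{ROOT, STAFF_GID, 0750}, {TEST1_UID, TEST1_GID, 0700}};
static const struct fs_cred fsuid_only  = { TEST1_UID, ROOT, root_groups, 1 };
static const struct fs_cred fsuid_fsgid = { TEST1_UID, TEST1_GID, root_groups, 1 };
static const struct fs_cred full_ident  = { TEST1_UID, TEST1_GID, test1_groups, 1 };

int main(void) {
    printf("primary:   fsuid=%d fsuid+fsgid=%d\n", may_chdir(&fsuid_only, primary_path, 2), may_chdir(&fsuid_fsgid, primary_path, 2));
    printf("secondary: fsuid+fsgid=%d +groups=%d\n", may_chdir(&fsuid_fsgid, secondary_path, 2), may_chdir(&full_ident, secondary_path, 2));
    return 0;
}
```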

Comment 8 Bill Nottingham 2006-08-04 20:07:08 UTC
Red Hat Linux and Red Hat Powertools are currently no longer supported by Red
Hat, Inc. In an effort to clean up bugzilla, we are closing all bugs in MODIFIED
state for these products.

However, we do want to make sure that nothing important slips through the
cracks. If, in fact, these issues are not resolved in a current Fedora Core
Release (such as Fedora Core 5), please open a new issue stating so. Thanks.

