Description of problem:
When the ownership of the sm/ dir is set to rpcuser:rpcuser, rpc.statd will drop the privileges in the drop_privs() function. This is done after doing the mkdir for the SM_BAK_DIR in shuffle_dirs(). This leads to a -EACCES when rpc.statd tries to unlink the backup dir later:

Jan 17 08:49:00 localhost rpc.statd[25852]: unlink (/tmp/testdir/sm.bak/192.168.1.1): Permission denied

Version-Release number of selected component (if applicable):
tested with nfs-utils-1.0.9-59

Steps to Reproduce:
1. mkdir /tmp/testdir
1. let rpc.statd create its directories: rpc.statd -NFP /tmp/testdir
2. touch /tmp/testdir/sm/192.168.1.1
3. chown /tmp/testdir/sm to rpcuser:rpcuser (see bz#495066)
4. run rpc.statd: rpc.statd -NFP /tmp/testdir -n 192.168.1.2

Actual results:
rpc.statd runs as rpcuser:rpcuser and cannot unlink the sm.bak directory

Expected results:
sm.bak should have rpcuser:rpcuser ownership and rpc.statd should be able to unlink the sm.bak dir

Additional info:
patch attached to chown SM_BAK_DIR to the uid/gid of the SM_DIR in drop_privs()
Created attachment 555799
patch containing a possible fix
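The ordering the description asks for (give the backup directory the same owner as the state directory while still root, then drop privileges), as an added sketch that is not the attached patch or nfs-utils code. The function names match_dir_owner and chown_then_drop are hypothetical, and the use of O_NOFOLLOW with fstat/fchown is an assumption of this example rather than something the report states.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Give bak_dir the same owner as ref_dir. O_NOFOLLOW plus fstat/fchown on
 * open descriptors means a symlink at the final path component is refused
 * instead of followed. Returns 0 and the owner on success, -1 on error. */
int match_dir_owner(const char *ref_dir, const char *bak_dir,
                    uid_t *uid, gid_t *gid)
{
    struct stat st;
    int rc = -1;
    int ref = open(ref_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    int bak = open(bak_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (ref >= 0 && bak >= 0 && fstat(ref, &st) == 0 &&
        fchown(bak, st.st_uid, st.st_gid) == 0) {
        *uid = st.st_uid;
        *gid = st.st_gid;
        rc = 0;
    }
    if (ref >= 0) close(ref);
    if (bak >= 0) close(bak);
    return rc;
}

/* Fix ownership first, while still root, then drop: groups, gid, uid. */
int chown_then_drop(const char *sm_dir, const char *sm_bak_dir)
{
    uid_t uid;
    gid_t gid;
    if (match_dir_owner(sm_dir, sm_bak_dir, &uid, &gid) != 0) {
        perror("match_dir_owner");
        return -1;
    }
    if (uid == 0)
        return 0;                    /* directory owned by root: no drop */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;  /* regaining root must fail */
}

int main(int argc, char **argv)
{
    return (argc == 3 && chown_then_drop(argv[1], argv[2]) == 0) ? 0 : 1;
}
```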
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Reproduced on package nfs-utils-1.0.9-60.el5:

[root@ibm-x3550m3-05 ~]# mkdir /tmp/testdir1
[root@ibm-x3550m3-05 ~]# rpc.statd -NFP /tmp/testdir1
[root@ibm-x3550m3-05 ~]# touch /tmp/testdir1/sm/192.168.1.1
[root@ibm-x3550m3-05 ~]# chown rpcuser:rpcuser /tmp/testdir1/sm
[root@ibm-x3550m3-05 ~]# ls -l /tmp/testdir1
total 24
drwx------ 2 rpcuser rpcuser 4096 Oct 10 23:41 sm
drwx------ 2 root root 4096 Oct 10 23:41 sm.bak
-rw------- 1 root root 4 Oct 10 23:41 state
[root@ibm-x3550m3-05 ~]# rpc.statd -NFP /tmp/testdir1 -n localhost

When the above command was done, got 'Permission denied' in /var/log/message:

Oct 10 23:42:08 ibm-x3550m3-05 rpc.statd[27119]: Version 1.0.9 Starting
Oct 10 23:42:08 ibm-x3550m3-05 rpc.statd[27119]: Flags: No-Daemon Notify-Only
Oct 10 23:42:38 ibm-x3550m3-05 rpc.statd[27119]: Can't notify 192.168.1.1, giving up.
Oct 10 23:42:38 ibm-x3550m3-05 rpc.statd[27119]: unlink (/tmp/testdir1/sm.bak/192.168.1.1): Permission denied

Verified on new package nfs-utils-1.0.9-66.el5:

[root@ibm-x3550m3-05 ~]# ls -l /tmp/testdir/
drwx------ 2 rpcuser rpcuser 4096 10-10 23:37 sm
drwx------ 2 root root 4096 10-10 23:35 sm.bak
-rw------- 1 root root 4 10-10 23:36 state
[root@ibm-x3550m3-05 ~]# rpc.statd -NFP /tmp/testdir -n localhost
[root@ibm-x3550m3-05 ~]# ls -l /tmp/testdir/
drwx------ 2 rpcuser rpcuser 4096 10-10 23:38 sm
drwx------ 2 rpcuser rpcuser 4096 10-10 23:38 sm.bak
             ^^^^^^^ ^^^^^^^

No 'Permission denied' about unlink now.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0068.html