Red Hat Bugzilla – Bug 856403
shellinabox needs to run as a particular user if it is to have access to .pem files.
Last modified: 2012-09-26 04:59:21 EDT
Created attachment 611957
updated sysconfig to support shellinabox user and group
Description of problem:
As packaged, shellinabox cannot run as it doesn't have access to a directory to store its generated .pem files.
Version-Release number of selected component (if applicable):
install shellinabox and then try systemctl start shellinaboxd.service and then check the status and /var/log/messages.
I am attaching an updated shellinaboxd.sysconfig and a diff to the spec file that fix the problem. The problem is fixed by having pre in the spec create a user account, having post chown a directory in /var/run to that user account, and having the sysconfig file tell shellinabox to look for certs in that directory and run with the shellinabox user and group.
The patch to the spec file assumes that bug:
Created attachment 611959
Patch to spec to implement fix
Sorry I didn't include a %changelog entry in the spec and I missed your new packages that were just built a few days ago.
Here is a candidate template:
* Tue Sep 11 2012 Joel Young <firstname.lastname@example.org> - 2.14-8
+- Fix bug with firefox 15 in which - key ignored
+- Create shellinabox user/group and /var/run dir for certs
Many thanks for the patches. I mostly use it as a web ssh frontend to some hidden boxes, so I didn't step onto the issue.
I applied the required changes, but a bit differently to comply with packaging guidelines and uniformity:
Many thanks! Builds on the way.
shellinabox-2.14-9.el5 has been submitted as an update for Fedora EPEL 5.
shellinabox-2.14-9.el6 has been submitted as an update for Fedora EPEL 6.
shellinabox-2.14-9.fc16 has been submitted as an update for Fedora 16.
shellinabox-2.14-9.fc17 has been submitted as an update for Fedora 17.
shellinabox-2.14-9.fc18 has been submitted as an update for Fedora 18.
I forgot one thing on my patch. I think that the /var/run/shellinabox directory should be chmod 700. What do you think?
Thanks for processing these so quickly!
Never mind. I see in your spec that you set it to 750. That is fine!
From what I read in the packager guidelines, Fedora doesn't advocate removing the user on package uninstall.
s/doesn't advocate/forbids/ is closer.
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing shellinabox-2.14-9.fc18'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Thanks! I've tested these on F16 and they work fine. Note that I did create a new bug (I guess it is really a feature request) also.
Sorry for sending these staggered. Didn't expect such fast support! I have no more in the pipeline.
(In reply to comment #11)
> s/doesn't advocate/forbids/ is closer.
Oh, it's true. I thought about what was done in another package, but that was to switch from a dynamic fedora-usermgmt created user to switch to an allocated static uid and not for a normal user.
I will remove that along with the changes in the other bug.
"We never remove users or groups created by packages. [...] Cleanup of unused users/groups is left to the system administrators to take care of if they so desire."
shellinabox-2.14-9.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
shellinabox-2.14-9.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
shellinabox-2.14-9.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
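
Added example, not part of the bug report or the shellinabox package: a shell check an administrator could run after updating to confirm the state the fix describes, a certificate directory owned by the dedicated user and group with mode 750 or tighter. It assumes GNU stat; the rule applied to the .pem files (no group-write, no access for other) is this example's own assumption, not something the thread specifies.

```shell
#!/bin/sh
# audit_cert_dir DIR USER GROUP
# Prints one line per finding; returns 0 if every check passes, 1 otherwise.
audit_cert_dir() {
    dir=$1 want_user=$2 want_group=$3 rc=0

    # A symlink here could redirect key material somewhere less protected.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is missing, not a directory, or a symlink"
        return 1
    fi

    # GNU stat formats: %U owner name, %G group name, %a octal mode.
    owner=$(stat -c %U "$dir")
    group=$(stat -c %G "$dir")
    mode=$(stat -c %a "$dir")

    [ "$owner" = "$want_user" ] ||
        { echo "FAIL: owner is $owner, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "FAIL: group is $group, expected $want_group"; rc=1; }

    # 750 or tighter: the group-write bit and all "other" bits must be clear.
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode, expected 750 or tighter"
        rc=1
    fi

    # Assumed policy for generated certificates and keys (see lead-in).
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue
        fmode=$(stat -c %a "$f")
        if [ $(( 0$fmode & 027 )) -ne 0 ]; then
            echo "FAIL: $f has mode $fmode (group-writable or open to other)"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Example: sh audit.sh /var/run/shellinabox shellinabox shellinabox
if [ "$#" -eq 3 ]; then
    audit_cert_dir "$@"
fi
```
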