Hide Forgot
Description of problem: init script does not allow non-root user to check status Version-Release number of selected component (if applicable): 5.0.5-54.el6 How reproducible: easily Steps to Reproduce: 1. su to another user and check status via initscript 2. 3. Actual results: # sudo -u apache service autofs status insufficient privilege to change service status Expected results: # sudo -u apache service autofs status automount (pid 9155) is running... Additional info: For setting up system monitoring via initscripts status it is desirable to be able to run these as non-root user. The current way to mitigate this is to lend the monitoring user sudo access to the desired initscrips. # diff -u /etc/init.d/autofs /tmp/autofs --- /etc/init.d/autofs 2012-04-09 20:09:28.000000000 -0400 +++ /tmp/autofs 2012-09-25 04:02:25.445150671 -0400 @@ -157,6 +157,21 @@ RETVAL=0 +# allow non-root users to read status / usage + +case "$1" in + status) + status -p /var/run/autofs.pid -l autofs $prog + exit 0; + ;; + usage) + usage_message + exit 0; + ;; +esac + + + # Only the root user may change the service status if [ `id -u` -ne 0 ]; then echo "insufficient privilege to change service status" @@ -174,9 +189,6 @@ stop) stop ;; - status) - status -p /var/run/autofs.pid -l autofs $prog - ;; restart|force-reload) restart ;; @@ -192,10 +204,6 @@ restart fi ;; - usage) - usage_message - exit 0; - ;; *) usage_message exit 2
Reproduced on 6.2 package: [root@ibm-dx360m4-01 ~]# su test -c 'service autofs status' insufficient privilege to change service status Verified on autofs-5.0.5-70.el6: [root@ibm-x3550m3-05 ~]# su test -c 'service autofs status' automount (pid 9015) is running...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0462.html