I've just been banging my head against lurker (mailing list program we
use on hantslug) as it had stopped working.
I've diagnosed what's wrong, but have very little clue as to _why_.
The box runs exim as a mailserver and that runs as the Debian-exim user:
$ id Debian-exim
uid=102(Debian-exim) gid=102(Debian-exim)
groups=102(Debian-exim),105(lurker),106(greylist)
After the upgrade and reboot (no nscd installed BTW), we had this
lurker issue so I shoved this little naff wrapper around the process:
ps -ef >> /tmp/apb.$$
/usr/bin/id >> /tmp/apb.$$
strace -f -o /tmp/strace.$$ /usr/bin/lurker-index "$@"
This shows:
* exim and this process running as Debian-exim
* id reports "uid=102(Debian-exim) gid=102(Debian-exim)"
** what on earth happened to the other groups!
* strace shows permission denied (see above)
How on earth is it dropping those other groups? The only thing I can
think of is that exim's use of setgid/setpgid is doing it. I'll
certainly admit that reading those manpages can get your head in a
twist so I wondered if anyone can shine a light on it?
I've just dug out my copy of Stevens and it says (bottom of P241):
"The supplementary group IDs are not affected by setgid, setregid or
setegid".
$ grep et exim.strace |grep id |grep -v pid
11552 geteuid32() = 102
11552 geteuid32() = 0
11552 getuid32() = 102
11552 getgid32() = 102
11552 getegid32() = 102
11552 geteuid32() = 0
11552 geteuid32() = 0
11552 getegid32() = 102
11552 setgid32(102) = 0
11552 setuid32(0) = 0
11552 setgid32(102) = 0
11553 geteuid32() = 0
11553 getegid32() = 102
11553 setgid32(102) = 0
11553 setuid32(102) = 0
11554 setpgid(0, 0) = 0
11554 getuid32() = 102
11554 getgid32() = 102
11554 geteuid32() = 102
11554 getegid32() = 102
11555 geteuid32() = 102
11557 geteuid32() = 102
11557 getuid32() = 102
11557 getegid32() = 102
11557 getgid32() = 102
11558 geteuid32() = 102
11558 getuid32() = 102
11558 getegid32() = 102
11558 getgid32() = 102
11559 geteuid32() = 102
11559 getuid32() = 102
11559 getegid32() = 102
11559 getgid32() = 102
11561 geteuid32() = 102
11561 getuid32() = 102
11561 getegid32() = 102
11561 getgid32() = 102
11562 geteuid32() = 102
11562 getuid32() = 102
11562 getegid32() = 102
11562 getgid32() = 102
11563 getuid32() = 102
11563 getgid32() = 102
11563 geteuid32() = 102
11563 getuid32() = 102
11563 geteuid32() = 102
11563 getuid32() = 102
11552 geteuid32() = 0
11552 getegid32() = 102
11552 setgid32(102) = 0
11552 setuid32(102) = 0
Adrian
--
bitcube.co.uk - Expert Linux infrastructure consultancy
Puppet, Debian, Red Hat, Ubuntu, CentOS
