Need help. Problem with setgid on Fedora Core 9.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I upgraded from Core 4 to Core 9 (fresh install) and now my mailinglist manager, mj2, won't work anymore. Here's the problem. In ~majordomo/bin, I have all of the programs (written in perl) and all of the associated wrappers. The wrappers are all owned by majordomo (owner and group) and the appropriate ones also have setuid and setgid bits set. Unless I am sudo'd to the majordomo account (103 in this case), the program does not start because of a problem with setgid.

BTW, selinux is totally disabled.

528 > ~majordomo/bin/mj_shell
Insecure dependency in eval while running setuid at /usr/lib/perl5/5.10.0/SelfLoader.pm line 54. Compilation failed in require at /usr/lib/perl5/site_perl/5.10.0/Term/ReadLine/Perl.pm line 63.
529 >

I did some experimenting and discovered that the setgid bit is not working. In fact, I even went so far as to modify the code so that the wrapper was installed setuid/setgid as root and I made the program do a setgid, setegid, setresgid to 103, all to no avail. The error that I get back is EPERM, which in the man page says:

 The calling  process  is  not  privileged  (does  not  have  the
 CAP_SETGID  capability),  and  gid  does not match the effective
 group ID or saved set-group-ID of the calling process.

To recap, the fundamental problem is that I seem to no longer be able to run setgid either as root or as the result of installing a program with the setgid bit set. The software I'm using is actuallying looking to see if the current group is the same as the saved group.

It doesn't matter if I run it as steveo or root. The only time it succeeds is if I am su'd to majordomo.

If anyone can help me and help quickly, my server is now down, and I'd really appreciate suggestions on what to do.

Is there something that needs to be done to allow setgid to succeed? AFAICT, that's the only thing that's holding me up right now.

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux