From: Marcela Mašláňová Date: Wed, 13 Jan 2010 12:54:43 +0000 (+0100) Subject: With NFS homes can't be job executed, because root can't access X-Git-Tag: cronie1.4.4~5 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0022401f35f2cff1893d5deeeed200c0d3e3738e;p=cronie With NFS homes can't be job executed, because root can't access this directory. --- diff --git a/src/do_command.c b/src/do_command.c index e1572e5..c6ff0d7 100644 --- a/src/do_command.c +++ b/src/do_command.c @@ -156,9 +156,9 @@ static void child_process(entry * e, user * u) { /*NOTREACHED*/ case 0: Debug(DPROC, ("[%ld] grandchild process fork()'ed\n", (long) getpid())) - if (cron_change_user_permanently(e->pwd) < 0) + if (cron_change_user_permanently(e->pwd, env_get("HOME", jobenv)) < 0) _exit(ERROR_EXIT); - + /* write a log message. we've waited this long to do it * because it was not until now that we knew the PID that * the actual user command shell was going to get and the @@ -272,7 +272,7 @@ static void child_process(entry * e, user * u) { * are part of its reference count now. */ close(stdout_pipe[READ_PIPE]); - if (cron_change_user_permanently(e->pwd) < 0) + if (cron_change_user_permanently(e->pwd, env_get("HOME", jobenv)) < 0) _exit(ERROR_EXIT); /* translation: * \% -> % diff --git a/src/funcs.h b/src/funcs.h index 32d90c2..fabd0b2 100644 --- a/src/funcs.h +++ b/src/funcs.h @@ -93,9 +93,9 @@ int cron_open_security_session( struct passwd *pw ); void cron_close_security_session( void ); -int cron_change_user( struct passwd *pw, char *homedir ); +int cron_change_user( struct passwd *pw ); -int cron_change_user_permanently( struct passwd *pw ); +int cron_change_user_permanently( struct passwd *pw, char *homedir ); int get_security_context(const char *name, int crontab_fd, diff --git a/src/security.c b/src/security.c index 5a2cdfa..c3b1463 100644 --- a/src/security.c +++ b/src/security.c @@ -120,7 +120,7 @@ int cron_set_job_security_context(entry * e, user * u, char ***jobenv) { } #endif - if (cron_change_user(e->pwd, env_get("HOME", *jobenv)) != 0) { + if (cron_change_user(e->pwd) != 0) { log_it(e->pwd->pw_name, getpid(), "ERROR", "failed to change user", 0); return -1; } @@ -189,7 +189,7 @@ void cron_close_pam(void) { #endif } -int cron_change_user(struct passwd *pw, char *homedir) { +int cron_change_user(struct passwd *pw) { pid_t pid = getpid(); /* set our directory, uid and gid. Set gid first, since once * we set uid, we've lost root privledges. @@ -209,18 +209,19 @@ int cron_change_user(struct passwd *pw, char *homedir) { return -1; } - if (chdir(homedir) == -1) { - log_it("CRON", pid, "ERROR chdir failed", homedir, errno); - return -1; - } return 0; } -int cron_change_user_permanently(struct passwd *pw) { +int cron_change_user_permanently(struct passwd *pw, char *homedir) { if (setreuid(pw->pw_uid, pw->pw_uid) != 0) { log_it("CRON", getpid(), "ERROR", "setreuid failed", errno); return -1; } + if (chdir(homedir) == -1) { + log_it("CRON", getpid(), "ERROR chdir failed", homedir, errno); + return -1; + } + return 0; }