Problem
Posted: Sun May 11, 2003 5:08 pm
Hi!
Scenario:
Let's say httpd launches a process called /xpto/bin/usermng, which is a symlink to /xpto/sbin/wrapper. wrapper is a suid program that then calls the real /xpto/sbin/usermng. usermng needs to write in /etc (for shadow/passwd and temp files).
I have these two entries in my default acl:
subject /xpto/sbin/* {
/etc rw
}
subject /xpto/bin/* {
/etc rw
}
I use the wildcard because some other programs need that access too.
Yet I get this in the logs:
denied open of /etc/shadow.xpto_lock for reading writing by (usermng:17467) uid/euid:0/0 gid/egid:0/0, parent (httpd:6677)
What can I be missing? Btw, wouldn't it be a good idea for the process to show up in the logs with its full path?
I'm using 2.0pre4
Thanks in advance