AnsweredAssumed Answered

For Linux users : what is the result of groups command please ?

Question asked by Filsbak on Jan 2, 2017
Latest reply on Feb 2, 2017 by MWNiebuhr

Hi evrybody,

 

When I run in "run_script" operator thoses commands :

 

id > /tmp/info.log

groups >> /tmp/info.log

 

here is result for "oracle" user on my server

uid=1002(oracle) gid=0(root) groupes=0(root) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
root

But when I run the same commands, in command line, here is the result

[oracle:~] $id
uid=1002(oracle) gid=1002(dba) groupes=1002(dba) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[oracle:~] $groups
dba

I think it is because in "$HOME_PAMAGENT_INSTALL/PAMAgent/wrappers/c2ojagtw.sh" script, there is a suspect error on changing group.

If you analize this script, you will see at line 266 this command

$RUNASPROG runas $C2OUSER $C2OGENSCR

I think the best way should be

su - $C2OUSER -c $C2OGENSCR

 

The owner of "$HOME_PAMAGENT_INSTALL/PAMAgent/wrappers/c2ojagtw.sh" script is root. So when root user execute command of line 266, he just change user without changing group.

 

I warned CA support that was able to reproduce the problem without actually offering a solution.
I would like to know if someone is having the same problem abour bad group for any user in a "run_script" operator ?
For info, the PAM agent is executed with the account "root" on my server.

 

Thx.

Outcomes