Hi evrybody,
When I run in "run_script" operator thoses commands :
id > /tmp/info.log
groups >> /tmp/info.log
here is result for "oracle" user on my server
uid=1002(oracle) gid=0(root) groupes=0(root) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
root
But when I run the same commands, in command line, here is the result
[oracle:~] $id
uid=1002(oracle) gid=1002(dba) groupes=1002(dba) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[oracle:~] $groups
dba
I think it is because in "$HOME_PAMAGENT_INSTALL/PAMAgent/wrappers/c2ojagtw.sh" script, there is a suspect error on changing group.
If you analize this script, you will see at line 266 this command
$RUNASPROG runas $C2OUSER $C2OGENSCR
I think the best way should be
su - $C2OUSER -c $C2OGENSCR
The owner of "$HOME_PAMAGENT_INSTALL/PAMAgent/wrappers/c2ojagtw.sh" script is root. So when root user execute command of line 266, he just change user without changing group.
I warned CA support that was able to reproduce the problem without actually offering a solution.
I would like to know if someone is having the same problem abour bad group for any user in a "run_script" operator ?
For info, the PAM agent is executed with the account "root" on my server.
Thx.