Bug#923309: cacti-spine_1.1.37-2~bpo9+1 fails to run under non-root user

Mon, 25 Feb 2019 22:48:25 -0800 

Package: cacti-spine
Version: 1.1.37-1~bpo9+1
Severity: normal

Dear Maintainer,


   * What led up to the situation?
        Upgrading from cacti-spine_1.1.37-1~bpo9+1 to 
cacti-spine_1.1.37-2~bpo9+1 caused execution of cacti-spine for non-root users 
to break, even with setuid bits set for either just user or all.
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
        Attempted to set setuid bits on /usr/sbin/spine to permit execution by 
non-root users (eg, cacti). Attempted to debug by running "/usr/sbnin/spine 
-H=180 -R -S -V=5" and "/usr/sbin/spine -h" as both root and cacti users.
   * What was the outcome of this action?
        /usr/sbin/spine would fail silently when executed by cacti user but 
would run successfully when executed by root user. Example: 
    cacti@mon1:~# /usr/sbin/spine -H=180 -R -S -V=5
    cacti@mon1:~#
    cacti@mon1:~# /usr/sbin/spine -h
    cacti@mon1:~#

   * What outcome did you expect instead?
        Expected spine to execute successfully for non-root cacti user once 
setuid bit(s) were set.

Re-installing cacti-spine_1.1.37-2~bpo9+1 had no effect, Removing and re-adding 
setuid bits had no effect. Once I rolled the package back to 
cacti-spine_1.1.37-1~bpo9+1 and set the setuid bit for the user it started 
executing successfully again for the no-root cacti user with no other changes 
necessary.



-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cacti-spine depends on:
ii  cacti                  1.1.38+ds1-1~bpo9+1
ii  dbconfig-no-thanks     2.0.11~bpo9+1
ii  debconf [debconf-2.0]  1.5.61
ii  libc6                  2.24-11+deb9u4
ii  libmariadbclient18     10.1.37-0+deb9u1
ii  libsnmp30              5.7.3+dfsg-1.7+deb9u1
ii  ucf                    3.0036

cacti-spine recommends no packages.

Versions of packages cacti-spine suggests:
ii  snmp-mibs-downloader  1.1+nmu1

-- no debconf information

Reply via email to