Package: cacti-spine Version: 1.1.37-1~bpo9+1 Severity: normal Dear Maintainer,
* What led up to the situation? Upgrading from cacti-spine_1.1.37-1~bpo9+1 to cacti-spine_1.1.37-2~bpo9+1 caused execution of cacti-spine for non-root users to break, even with setuid bits set for either just user or all. * What exactly did you do (or not do) that was effective (or ineffective)? Attempted to set setuid bits on /usr/sbin/spine to permit execution by non-root users (eg, cacti). Attempted to debug by running "/usr/sbnin/spine -H=180 -R -S -V=5" and "/usr/sbin/spine -h" as both root and cacti users. * What was the outcome of this action? /usr/sbin/spine would fail silently when executed by cacti user but would run successfully when executed by root user. Example: cacti@mon1:~# /usr/sbin/spine -H=180 -R -S -V=5 cacti@mon1:~# cacti@mon1:~# /usr/sbin/spine -h cacti@mon1:~# * What outcome did you expect instead? Expected spine to execute successfully for non-root cacti user once setuid bit(s) were set. Re-installing cacti-spine_1.1.37-2~bpo9+1 had no effect, Removing and re-adding setuid bits had no effect. Once I rolled the package back to cacti-spine_1.1.37-1~bpo9+1 and set the setuid bit for the user it started executing successfully again for the no-root cacti user with no other changes necessary. -- System Information: Debian Release: 9.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/16 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages cacti-spine depends on: ii cacti 1.1.38+ds1-1~bpo9+1 ii dbconfig-no-thanks 2.0.11~bpo9+1 ii debconf [debconf-2.0] 1.5.61 ii libc6 2.24-11+deb9u4 ii libmariadbclient18 10.1.37-0+deb9u1 ii libsnmp30 5.7.3+dfsg-1.7+deb9u1 ii ucf 3.0036 cacti-spine recommends no packages. Versions of packages cacti-spine suggests: ii snmp-mibs-downloader 1.1+nmu1 -- no debconf information