Hi Paul, Allan, @Paul, Thanks for reporting this issue. Please check the existing comments in bug 904332
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904332 @Sven can you please help us and maybe explain how Paul should be using the cacti-spine binary with these Linux capabilities enabled that we added in that version by your patch. I guess he needs to install libcap2-bin and run $(chmod u-s /usr/sbin/spine) Paul On 26-02-2019 07:39, Paul Allen wrote: > Package: cacti-spine > Version: 1.1.37-1~bpo9+1 > Severity: normal > > Dear Maintainer, > > > * What led up to the situation? > Upgrading from cacti-spine_1.1.37-1~bpo9+1 to > cacti-spine_1.1.37-2~bpo9+1 caused execution of cacti-spine for non-root > users to break, even with setuid bits set for either just user or all. > * What exactly did you do (or not do) that was effective (or > ineffective)? > Attempted to set setuid bits on /usr/sbin/spine to permit execution > by non-root users (eg, cacti). Attempted to debug by running > "/usr/sbnin/spine -H=180 -R -S -V=5" and "/usr/sbin/spine -h" as both root > and cacti users. > * What was the outcome of this action? > /usr/sbin/spine would fail silently when executed by cacti user but > would run successfully when executed by root user. Example: > cacti@mon1:~# /usr/sbin/spine -H=180 -R -S -V=5 > cacti@mon1:~# > cacti@mon1:~# /usr/sbin/spine -h > cacti@mon1:~# > > * What outcome did you expect instead? > Expected spine to execute successfully for non-root cacti user once > setuid bit(s) were set. > > Re-installing cacti-spine_1.1.37-2~bpo9+1 had no effect, Removing and > re-adding setuid bits had no effect. Once I rolled the package back to > cacti-spine_1.1.37-1~bpo9+1 and set the setuid bit for the user it started > executing successfully again for the no-root cacti user with no other changes > necessary. > > > > -- System Information: > Debian Release: 9.8 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.9.0-6-amd64 (SMP w/16 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), > LANGUAGE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages cacti-spine depends on: > ii cacti 1.1.38+ds1-1~bpo9+1 > ii dbconfig-no-thanks 2.0.11~bpo9+1 > ii debconf [debconf-2.0] 1.5.61 > ii libc6 2.24-11+deb9u4 > ii libmariadbclient18 10.1.37-0+deb9u1 > ii libsnmp30 5.7.3+dfsg-1.7+deb9u1 > ii ucf 3.0036 > > cacti-spine recommends no packages. > > Versions of packages cacti-spine suggests: > ii snmp-mibs-downloader 1.1+nmu1 > > -- no debconf information >
