Public bug reported:
When a job is invoked from cron and the pam_group.so is configured to
add supplementary groups it DOES NOT work as expected.
pam_group should provide membership based /etc/security/group.conf and
it is working fine if you test with login or sudo.
After some tests I've compiled pam_group.so in DEBUG and I can confirm
that pam_setcred in being called by cron and the module is adding the
expected groups membership.
Then, checking do_command.c of cron I found there is need to call
pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT) after fork()
the final patch should be something like
#if defined(USE_PAM)
if (pamh != NULL) {
pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
}
#endif
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: cron 3.0pl1-136ubuntu1
ProcVersionSignature: Ubuntu 5.4.0-65.73-generic 5.4.78
Uname: Linux 5.4.0-65-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.16
Architecture: amd64
CasperMD5CheckResult: pass
Date: Mon Mar 1 15:49:42 2021
InstallationDate: Installed on 2021-01-21 (39 days ago)
InstallationMedia: Ubuntu-Server 20.04.1 LTS "Focal Fossa" - Release amd64
(20200731)
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: cron
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: cron (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug focal uec-images
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917350
Title:
cron not honoring pam_group.so groups
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1917350/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
