-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
locate cron script doesn't believe I'm root. #213
Comments
Can you output this?
Cheers, |
Most certainly:
|
If I had to guess it's hitting here: But to be frank piping to su(1) doesn't seem very elegant to me:
How does a shell expect to know it's supposed to execute a command from stdin? This doesn't appear to be documented in su(1) either, but it's also not new scripting. The bigger issue here is that the root shell is set to "opnsense-shell" I believe, but we actually want that. Cheers, |
Ok I think this executes a root shell but then wants it to run with user "nobody". This is quite inconvenient. :) |
I just tried running the script with this diff applied: root@fwleb02:~ # diff -u /etc/periodic/weekly/310.locate 310.locate
--- /etc/periodic/weekly/310.locate 2024-08-07 18:11:22.000000000 +0200
+++ 310.locate 2024-08-12 21:02:09.924076000 +0200
@@ -24,7 +24,7 @@
chmod 644 $locdb || rc=3
cd /
- echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3
+ nice -n 5 su -fm nobody -c /usr/libexec/locate.updatedb || rc=3
chmod 444 $locdb || rc=3;;
*) rc=0;; Now it works fine. |
@hboetes - you have undone the upstream "security fix" which is done in order to not index and disclose top-secret files. Considering this totally pointless on environments such as OPNsense, use |
Is that the reason for piping random commands to a shell hidden behind su to a user that doesn't maybe even have a shell? What is this? |
It's been there for too long to trace the original commit, breaking various things on the way. Before 2000 for sure. |
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
Trying to locate a specific file results in the following interaction:
I hope you can reproduce the issue.
The text was updated successfully, but these errors were encountered: