Bug #23236

mcollective puppetrun via sudo does not use correct home dir on some distros

Added by Matt Cahill 8 months ago. Updated 3 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version:
Difficulty:
Triaged: No
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Choria's (https://github.com/choria-io/mcollective-choria) mcollective ssl auth plugin looks for authentication keys in the running user's home directory.

When executed via `sudo -u`, '~' is expanded to the running user's home directory rather than the impersonated user's, causing an authentication error.

e.g.

```
sysadmin@puppet:/usr/share/foreman-proxy$ sudo -u foreman-proxy /opt/puppetlabs/bin/mco find

The find application failed to run, use -v for full error backtrace details: No such file or directory @ rb_sysopen - /home/sysadmin/.puppetlabs/etc/puppet/ssl/certs/foreman-proxy.mcollective.pem
```

This is confirmed as an issue on Ubuntu because sudo's env_keep is set to exclude $HOME by default on that distro. It may be an issue on other distros too.

Associated revisions

Revision 6e81b2ed (diff)
Added by Matt Cahill 8 months ago

Fixes #23236 - fix for choria puppetrun on Ubuntu

  • Fixes #23236 - fix for choria puppetrun on ubuntu

Choria's (https://github.com/choria-io/mcollective-choria)
mcollective ssl auth plugin looks for authentication keys
in the running user's home directory.

When executed via `sudo -u`, '~' is expanded to
the running user's home directory rather than
the impersonated user's, causing an authentication error.

e.g.
```
sysadmin@puppet:/$ sudo -u foreman-proxy mco find

The find application failed to run, use -v for full
error backtrace details: No such file or directory
@ rb_sysopen -
~/.puppetlabs/etc/puppet/ssl/certs/foreman-proxy.mcollective.pem
```

This change forces sudo to pick up the home directory
of the impersonated user from the passwd database
rather than $HOME.
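
The mechanism behind this report, as an added example (not code from the commit or from Foreman): Ruby's `File.expand_path` resolves `~` from `ENV['HOME']`, so the check below compares `HOME` with the passwd entry of the effective uid before any key lookup. The home directory `/usr/share/foreman-proxy`, the helper names and the use of sudo's `-H` option are assumptions; the page does not show the actual change.

```ruby
require 'etc'

# Constructed sample values, taken from the error message in the report.
KEY_PATH     = '~/.puppetlabs/etc/puppet/ssl/certs/foreman-proxy.mcollective.pem'
INVOKER_HOME = '/home/sysadmin'

# File.expand_path resolves a leading "~" from ENV['HOME'], not from the
# effective uid, so an inherited HOME silently redirects the key lookup.
def expand_with_env(path, home)
  saved = ENV['HOME']
  ENV['HOME'] = home
  File.expand_path(path)
ensure
  ENV['HOME'] = saved
end

# Home directory the passwd database records for a uid (nil if no entry).
def passwd_home(uid = Process.euid)
  Etc.getpwuid(uid)&.dir
rescue ArgumentError
  nil
end

# Resolve "~" against an explicit home directory instead of ENV['HOME'].
def expand_with_home(path, home)
  File.expand_path(path.sub(%r{\A~(?=/|\z)}, home))
end

# True when HOME does not belong to the account the process runs as.
def home_mismatch?(env_home, pw_home)
  return true if env_home.nil? || pw_home.nil?
  File.expand_path(env_home) != File.expand_path(pw_home)
end

# Hypothetical helper: build the sudo argv with -H so the security policy
# sets HOME from the target user's passwd entry.
def sudo_argv(user, *cmd)
  ['sudo', '-H', '-u', user, '--', *cmd]
end

if __FILE__ == $PROGRAM_NAME
  puts expand_with_env(KEY_PATH, INVOKER_HOME) # lands under the invoker's home
  warn 'HOME does not match passwd entry' if home_mismatch?(ENV['HOME'], passwd_home)
  puts sudo_argv('foreman-proxy', '/opt/puppetlabs/bin/mco', 'find').join(' ')
end
```

A service that loads credentials from `~` can call `home_mismatch?(ENV['HOME'], passwd_home)` at startup and refuse to continue, which turns a confusing "No such file" error into an explicit configuration failure.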

History

#1 Updated by The Foreman Bot 8 months ago

  • Status changed from New to Ready For Testing

#2 Updated by Michael Moll 8 months ago

  • Legacy Backlogs Release (now unused) set to 330

#3 Updated by Anonymous 8 months ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#4 Updated by Anonymous 5 months ago

  • Target version deleted (1.18.0)

#5 Updated by Ewoud Kohl van Wijngaarden 3 months ago

  • Triaged set to No
  • Target version changed from 546 to 1.18.0
  • Fixed in Releases 1.18.0 added
