Bug #23236
mcollective puppetrun via sudo does not use correct home dir on some distros
Description
Choria's (https://github.com/choria-io/mcollective-choria) mcollective ssl auth plugin looks for authentication keys in the running user's home directory.
When executed via sudo -u, '~' is expanded to the running user's home directory rather than the impersonated user's, causing an authentication error.
e.g.
```
sysadmin@puppet:/usr/share/foreman-proxy$ sudo -u foreman-proxy /opt/puppetlabs/bin/mco find
The find application failed to run, use -v for full error backtrace details: No such file or directory @ rb_sysopen - /home/sysadmin/.puppetlabs/etc/puppet/ssl/certs/foreman-proxy.mcollective.pem
```
This is confirmed as an issue on Ubuntu because sudo's env_keep is set to exclude $HOME by default on that distro. It may be an issue on other distros too.
Associated revisions
History
#1
Updated by The Foreman Bot over 4 years ago
- Status changed from New to Ready For Testing
#2
Updated by Anonymous over 4 years ago
- Legacy Backlogs Release (now unused) set to 330
#3
Updated by Anonymous over 4 years ago
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed
Applied in changeset 6e81b2ed589061348076ea021411ed65d69d47ce.
#4
Updated by Anonymous about 4 years ago
- Target version deleted (1.18.0)
#5
Updated by Ewoud Kohl van Wijngaarden almost 4 years ago
- Triaged set to No
- Target version changed from 546 to 1.18.0
- Fixed in Releases 1.18.0 added
Fixes #23236 - fix for choria puppetrun on Ubuntu
Choria's (https://github.com/choria-io/mcollective-choria)
mcollective ssl auth plugin looks for authentication keys
in the running user's home directory.
When executed via `sudo -u`, '~' is expanded to
the running user's home directory rather than
the impersonated user's, causing an authentication error.
e.g.
```
sysadmin@puppet:/$ sudo -u foreman-proxy mco find
The find application failed to run, use -v for full
error backtrace details: No such file or directory
@ rb_sysopen -
~/.puppetlabs/etc/puppet/ssl/certs/foreman-proxy.mcollective.pem
```
This change forces sudo to pick up the home directory
of the impersonated user from the passwd database
rather than $HOME.
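
The lookup failure described in this issue, as an added Ruby example (not code from Choria, Foreman or the changeset): it contrasts the certificate path a `~`-based lookup opens when `$HOME` is inherited with the path implied by the target user's passwd entry. The passwd sample is constructed, the `foreman-proxy` home directory in it is an assumption, and all helper names are hypothetical.

```ruby
# Certificate location relative to the home directory, from the error above.
CERT_SUBPATH = '.puppetlabs/etc/puppet/ssl/certs'

# Constructed passwd(5) sample; foreman-proxy's home directory is an assumption.
SAMPLE_PASSWD = <<~PASSWD
  sysadmin:x:1000:1000:Admin:/home/sysadmin:/bin/bash
  foreman-proxy:x:998:998::/usr/share/foreman-proxy:/bin/false
PASSWD

# Parse passwd lines (name:pw:uid:gid:gecos:home:shell) into { name => home }.
def passwd_homes(text)
  text.each_line.map(&:strip)
      .reject { |l| l.empty? || l.start_with?('#') }
      .map { |l| l.split(':', 7) }
      .select { |f| f.size == 7 }
      .to_h { |f| [f[0], f[5]] }
end

# Path a "~"-based lookup opens: File.expand_path resolves "~" from $HOME.
def cert_path_from_env(user, env_home)
  saved = ENV['HOME']
  ENV['HOME'] = env_home
  File.expand_path("~/#{CERT_SUBPATH}/#{user}.mcollective.pem")
ensure
  ENV['HOME'] = saved
end

# Path built from the user's passwd entry, independent of $HOME.
def cert_path_from_passwd(user, passwd_home)
  File.join(passwd_home, CERT_SUBPATH, "#{user}.mcollective.pem")
end

# Compare what would be opened with what the target user's entry implies.
def check_home(user, env_home, homes)
  home = homes.fetch(user) { raise ArgumentError, "no passwd entry for #{user}" }
  opened = cert_path_from_env(user, env_home)
  expected = cert_path_from_passwd(user, home)
  { opened: opened, expected: expected, mismatch: opened != expected }
end

if __FILE__ == $PROGRAM_NAME
  homes = passwd_homes(SAMPLE_PASSWD)
  p check_home('foreman-proxy', '/home/sysadmin', homes)        # HOME inherited
  p check_home('foreman-proxy', homes['foreman-proxy'], homes)  # HOME reset
end
```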