Bug #23236: mcollective puppetrun via sudo does not use correct home dir on some distros - Smart Proxy - Foreman

Bug #23236

mcollective puppetrun via sudo does not use correct home dir on some distros

Added by Matt Cahill 8 months ago. Updated 3 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Target version:

Foreman - 1.18.0

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/smart-proxy/pull/572

Team Backlog:

Fixed in Releases:

Foreman - 1.18.0

Found in Releases:

Description

Choria's (https://github.com/choria-io/mcollective-choria) mcollective ssl auth plugin looks for authentication keys in the running user's home directory.

When executed via sudo -u '~' is expanded to the running user's home directory rather than the impersonated user causing an authentication error.

e.g.

sysadmin@puppet:/usr/share/foreman-proxy$ sudo -u foreman-proxy /opt/puppetlabs/bin/mco find

The find application failed to run, use -v for full error backtrace details: No such file or directory @ rb_sysopen - /home/sysadmin/.puppetlabs/etc/puppet/ssl/certs/foreman-proxy.mcollective.pem

This is confirmed as an issue on Ubuntu because sudo's env_keep is set to exclude $HOME by default on that distro. It may be an issue on other distros too.

Associated revisions

Revision 6e81b2ed (diff)
Added by Matt Cahill 8 months ago

Fixes #23236 - fix for choria puppetrun on Ubuntu

Fixes #23236 - fix for choria puppetrun on ubuntu

Choria's (https://github.com/choria-io/mcollective-choria)
mcollective ssl auth plugin looks for authentication keys
in the running user's home directory.

When executed via `sudo -u` '~' is expanded to
the running user's home directory rather than
the impersonated user causing an authentication error.

e.g.
```
sysadmin@puppet:/$ sudo -u foreman-proxy mco find

The find application failed to run, use -v for full
error backtrace details: No such file or directory
@ rb_sysopen -
~/.puppetlabs/etc/puppet/ssl/certs/foreman-proxy.mcollective.pem
```

This change forces sudo to pick up the home directory
of the impersonated user from the passwd database
rather than $HOME.

History

#1 Updated by The Foreman Bot 8 months ago

Status changed from New to Ready For Testing

#2 Updated by Michael Moll 8 months ago

Legacy Backlogs Release (now unused) set to 330

#3 Updated by Anonymous 8 months ago

% Done changed from 0 to 100
Status changed from Ready For Testing to Closed

Applied in changeset 6e81b2ed589061348076ea021411ed65d69d47ce.

#4 Updated by Anonymous 5 months ago

Target version deleted (~~1.18.0~~)

#5 Updated by Ewoud Kohl van Wijngaarden 3 months ago

Triaged set to No
Target version changed from 546 to 1.18.0
Fixed in Releases 1.18.0 added

Also available in: Atom PDF

Project

General

Profile

Foreman » Smart Proxy

Issues

Custom queries