how do I make lsof be useful again in fc3?
Féliciano Matias
feliciano.matias at free.fr
Fri Dec 10 09:00:28 UTC 2004
Le vendredi 10 décembre 2004 à 09:31 +0100, Tomas Mraz a écrit :
> On Thu, 2004-12-09 at 23:57 -0800, Jamie Zawinski wrote:
> > In FC3, lsof only seems to work properly if you are root.
> >
> > For example: the "ssh-agent" process is running as "jwz" and has the
> > file "/tmp/ssh-rZlWVC4461/agent.4461" open.
> >
> > If I run "lsof -p `pidof ssh-agent`" as root, it shows me this; if I run
> > it as jwz, it does not. This is wrong, since all processes and files
> > are owned by the same non-root user.
> I can confirm this too and it seems to me to be a bug.
>
> > I assume this is because of newly-paranoid permissions on
> > /proc/*/fd (in FC3, those are all owned by root instead of the
> > user running the process.)
> Not all processes have these owned by root. I think it happens only on
> such processes which changed it's uid
$ ll /usr/bin/ssh-agent
-rwxr-sr-x 1 root nobody 58332 sep 21 06:56 /usr/bin/ssh-agent
^
Why ?
Come from the .spec file :
%attr(2755,root,nobody) %{_bindir}/ssh-agent
> from root during their lives.
> The question is if this change was intentional and what was the reason
> for it if yes.
>
Because the process can read files with group == nobody.
> --
> Tomas Mraz <tmraz at redhat.com>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20041210/84409bda/attachment.sig>
More information about the fedora-devel-list
mailing list