Page 1 of 1
atd
Posted:
Mon Mar 18, 2002 1:36 pmby wschlich
starting at-daemon using 2.4.18-1.9.4:
--8<--
Mar 18 18:23:47 prometheus atd[30853]: Can't link execution file: Permission denied
--8<--
grsecurity issue? ideas? TIA.
hmm
Posted:
Mon Mar 18, 2002 4:16 pmby spender
looks like it's related to the linking restrictions. Find the system log from grsecurity related to it and paste it here.
Posted:
Mon Mar 18, 2002 4:54 pmby wschlich
there's none :-(
well
Posted:
Mon Mar 18, 2002 4:56 pmby spender
then i don't think it's a grsecurity issue. Try stracing the process and see what's going on.
Posted:
Tue Mar 19, 2002 11:05 amby wschlich
well, it works with grsecurity disabled, so.. :-)
http://wolfram.schlich.org/tmp/atd.strace
I've no idea why it exits... :-/
Posted:
Tue Mar 19, 2002 11:22 amby wschlich
permissions of /usr/bin/at is now 4750, with user at being member of the corresponding group "trusted" (just added it to this one), perm of /usr/bin is 744, now it says:
--8<--
[...]
munmap(0x45ed7000, 4096) = 0
geteuid32() = 0
write(2, "Garbled time\n", 13Garbled time
) = 13
_exit(1)
--8<--
any ideas?
Posted:
Thu Mar 28, 2002 5:39 pmby wschlich
argh.... this caused the problems:
[root@prometheus:do-conf]$ ls -la /var/spool/atjobs
/var/spool/atjobs:
total 17k
drwx------ 2 at at 144 Mar 19 16:07 .
drwxr-xr-x 18 root root 395 Mar 28 09:24 ..
-rw------- 1 at at 6 Mar 18 18:28 .SEQ
-rw------- 1 at at 186 Mar 19 16:14 .bash_history
-rwx------ 1 root root 2.5k Mar 18 18:23 a0000601028093
-rwx------ 1 root root 1.9k Mar 18 18:28 a0000701028098
[root@prometheus:do-conf]$
the last two files had to be removed in order to make atd run again...
you were right again :-)
pfft!
Posted:
Thu Mar 28, 2002 9:41 pmby spender
aren't i always?
NAK^WACK :-P
Posted:
Fri Mar 29, 2002 7:33 amby wschlich
no comment ;-)
Posted:
Sun Jul 21, 2002 11:09 amby dss
IMHO it *is* related to grsecurity patch. I can't run atd on any of my patched systems.
But I have no problems to run atd on unpatched ones. atd starts up on system boot,
I can add a task by using at. When execution time comes atd crashes with "Can't link execution file: Permission denied" in syslog.
As execution file is meant /var/spool/at/aXXXXX... file with the job - according to strace.
The file (created by at) has 700 permissions and is owned by job owner and his group.
I have tested it on 3 patched and 3 unpatched systems, all are Mandrake 8.2
Anyone have a solution?
atd
Posted:
Sun Jul 21, 2002 12:14 pmby goodbyte
What are the grsecurity acl settings for /var/spool/atd? Do you allow execution?
Posted:
Sun Jul 21, 2002 12:49 pmby dss
I have ACL disabled at all.