NetBSD Problem Report #37288

From martin@duskware.de  Tue Nov  6 09:50:47 2007
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 63FC363BA5F
	for <gnats-bugs@gnats.netbsd.org>; Tue,  6 Nov 2007 09:50:47 +0000 (UTC)
Message-Id: <20071106094647.502E263BA4A@narn.NetBSD.org>
Date: Tue,  6 Nov 2007 09:46:47 +0000 (UTC)
From: arto.huusko@pp2.inet.fi
Reply-To: arto.huusko@pp2.inet.fi
To: netbsd-bugs-owner@NetBSD.org
Subject: su fails if home on nfs without root privileges
X-Send-Pr-Version: www-1.0

>Number:         37288
>Category:       bin
>Synopsis:       su fails if home on nfs without root privileges
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 06 09:55:00 +0000 2007
>Closed-Date:    Sun Oct 27 11:43:05 +0000 2019
>Last-Modified:  Sun Oct 27 11:43:05 +0000 2019
>Originator:     Arto Huusko
>Release:        4.99.34
>Organization:
>Environment:
NetBSD wmli019400.local 4.99.34 NetBSD 4.99.34 (DUUNI) #33: Mon Nov  5 12:34:59 EET 2007
>Description:
su fails with output

su: no directory

when home directory of the target user is on an NFS mount, and the NFS server does not grant special privileges for root user of NFS clients.

This is because su apparently does the chdir to target user's home directory as root.

Amusing (not) effects of this are, for example, that user can't su to self, root can't su to the user, etc.
>How-To-Repeat:
$ whoami
huuskart
$ pwd
/koti/home/huuskart
$ ls -ld .
drwx------  51 huuskart  medi  4096 Nov  6 11:41 .
$ mount
...
nfsserver:/home on /koti/home type nfs
...
$ su - huuskart
su: no directory
$ su -     
Password:
# cd /koti/home/huuskart/
cd: can't cd to /koti/home/huuskart/
# su - huuskart
su: no directory

>Fix:
Change su to do the chdir to target user's home directory as the target user, not root.

It would not hurt to change the no directory error report to use err() instead of errx() so that reason of the error is also shown.

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Sun, 27 Oct 2019 11:43:05 +0000
State-Changed-Why:
Fixed on su_pam.c:r1.19
Change to home directory only after setting the full user context
to avoid issues with NFS or other user-mapped mounts that don't
give root the privilege to chdir there. 


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.