ecryptfs requires a full logged in root user to work

Bug #1669982 reported by mhogo mchungu on 2017-03-04
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eCryptfs
Undecided
Unassigned

Bug Description

ecryptfs does not seem to work when root privileges are obtained through "su","pkexec" or sudo" and works when root privileges are obtained through "su -" suggesting it requires a login shell for some reason.

More info about the problem is discussed here: https://github.com/mhogomchungu/ecryptfs-simple/issues/2

Jason Xing (wlxing) wrote :

Hi,

I'm not sure what kind of problem you encountered.

I know that if I compile the utils source code and execute $ecryptfs-setup-private, it will go wrong because we do not set "s" bit on the /usr/sbin/mount.ecryptfs_private binary. I have to set that bit manually.

Is that what you want to say?

Jason

mhogo mchungu (mhogomchungu) wrote :

A test you can do to confirm what was reported.

1. Remove the suid bit in that binary.
2. Try to use the binary and things will fail as expected.
3. Try to elevate privileges first with su,sudo or pkexec and this will unexpectedly fail and the reported bug is here.
4. The only way i know of how to work around this is to elevate privileges through "su -c". This means in my application,i first raise privileges through pkexec[1] and then call "su -c"[2] while already elevated to work around the issue.

[1] https://github.com/mhogomchungu/sirikali/blob/b1a61a3194f0af546a8c069b359b4467d3baf343/src/siritask.cpp#L123

[2] https://github.com/mhogomchungu/sirikali/blob/b1a61a3194f0af546a8c069b359b4467d3baf343/src/siritask.cpp#L99

mhogo mchungu (mhogomchungu) wrote :

Correction in step 4 above,the "su" command should be "su - -c".

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers