Epoptes does not honor group membership granted on per-session basis via pam_group
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Epoptes |
Fix Released
|
Medium
|
Fotis Tsamis |
Bug Description
pam_group is a pam module that grants group membership to users on a per-session basis (http://
We would like to use it to grant access to epoptes for many users. However, epoptes does not honor this group membership. It seems, epoptes does not check for groups granted by pam_group, just those defined locally in /etc/groups.
See attached screenshot: As seen from the output of "groups", user "kup" is clearly a member of group "epoptes". However, epoptes complains that he is not, and refuses to start.
Group membership to "epoptes" was granted to "kup" by pam_groups. Other users listed in /etc/groups can start epoptes.
This seems to be a bug in the way epoptes checks for group membership.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: epoptes (not installed)
ProcVersionSign
Uname: Linux 3.13.0-30-generic x86_64
NonfreeKernelMo
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: Unity
Date: Sat Jul 5 13:38:26 2014
EcryptfsInUse: Yes
InstallationDate: Installed on 2012-12-20 (561 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
SourcePackage: epoptes
UpgradeStatus: Upgraded to trusty on 2014-04-18 (78 days ago)
Related branches
affects: | epoptes (Ubuntu) → epoptes |
Changed in epoptes: | |
assignee: | nobody → Fotis Tsamis (phantomas) |
status: | New → Confirmed |
Hello and thanks for your bug report!
It seems that the grp python module wasn't compatible with pam_group. Now instead of checking if a user is member of the epoptes group, we just try to read/connect to the socket and if we fail we then show an error message.
It would be great if you could test from the trunk though. (The only file you need to replace is /usr/bin/epoptes)
Thank you!