
Bug 71835

Summary: net-p2p/freenet-0.5.2.1-r8 init.d script broken by sudo patch
Product: Gentoo Linux
Reporter: Richard Freeman <rich0>
Component: Current packages
Assignee: Gentoo net-p2p team <net-p2p>
Status: RESOLVED DUPLICATE
Severity: normal
CC: k, m.debruijne, mark, telefrancisco
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Richard Freeman gentoo-dev 2004-11-20 05:59:59 UTC
The sudo-1.6.7_p5-r2 security update apparently prevents the passing of environment variables, which breaks the init.d script installed by freenet which uses sudo to change uid.

As a result, the java classpath is not set when freenet is run, and java can't find the class.

I'm not intimately familiar with the world of su/sudo security issues, but the following change does fix the problem:

change from:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh \

to:
nice -n ${FREENET_NICENESS} su freenet /usr/bin/start-freenet.sh \

su apparently passes environment just fine...

Reproducible: Always




Gentoo Base System version 1.4.16
Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1,
2.6.9-gentoo-r1-rf17 i686)
=================================================================
System uname: 2.6.9-gentoo-r1-rf17 i686 AMD Athlon(tm) 64 Processor 3000+
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.14.90.0.8-r1
Headers:  sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -msse2 -msse -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config
/usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -msse2 -msse -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://mirrors.tds.net/gentoo http://gentoo.mirrors.pair.com/
http://www.mirror.ac.uk/sites/www.ibiblio.org/gentoo/"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acpi acpi4linux alsa apache2 apm arts avi berkdb bitmap-fonts bonobo cdr
crypt cups dvd encode esd ethereal evo f77 fam fbcon flac foomaticdb fortran gd
gdbm gif gimpprint glut gnome gpm gtk gtk2 gtkhtml imagemagick imap imlib innodb
java jpeg junit kde libg++ libwww mad maildir mikmod motif mpeg multilib mysql
ncurses nls oggvorbis opengl oss pam pda pdflib perl php png python qt quicktime
readline samba sasl sdl slang spell ssl svga tcltk tcpd tetex tiff truetype wmf
x86 xml xml2 xmms xv zlib"
Comment 1 Christopher Byrne 2004-11-22 22:36:18 UTC
Here are the offending lines in /etc/sudoers that are causing the problem:

# Reset environment by default
Defaults        env_reset
# Uncomment to allow people in group wheel to export variables
#Defaults:%wheel !env_reset

# Allow people in group users to export specific variables
# Defaults:%users       env_keep=TZ

Uncommenting this line:

Defaults:%wheel !env_reset

fixes the problem (Commenting out the "Defaults env_reset" works too, but is less safe)
Comment 2 zhcnmccmzhdvfevooo 2004-12-14 01:28:13 UTC
I can confirm this problem, and also the fix provided by Salah Coronya. ;)
Comment 3 Eduardo García-Médico Portabella 2005-04-22 10:24:45 UTC
I've solved this problem by changing /etc/init.d/freenet line 67 from:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh > /var/freenet/freenet.pid
to:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh "$JAVA" "$JAVA_ARGS" "$CLASSPATH" > /var/freenet/freenet.pid
and then leaving /usr/bin/start-freenet.sh like this:
-------------- start ----------------
#!/bin/bash
# This script is a companion script to the Gentoo freenet init script.
# Logs freenet's stdout and stderr for debugging needs.
#
# Author: Brandon Low <lostlogic@gentoo.org>
#
JAVA="$1"
JAVA_ARGS="$2"
export CLASSPATH="$3"
${JAVA} ${JAVA_ARGS} freenet.node.Main -p /etc/freenet.conf \
        > /var/freenet/freenet.stdout.log 2> /var/freenet/freenet.stderr.log &
echo $!
--------------------- end ---------------------

It works right for me. Take it as a temporary fix, but it may work right in the future if the freenet startup scripts do not change.

Woodyst.
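
Added example, not part of any comment in this bug and not code from the freenet or sudo packages: a sketch of why the init script lost CLASSPATH and how the workarounds discussed above differ. It uses `env -i` as a stand-in for sudo's env_reset so it runs without sudo or root; the jar paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: `env -i` stands in for sudo's env_reset.
# The child commands stand in for start-freenet.sh and only report what they got.

# Child that reads CLASSPATH from its environment (the original start script).
CHILD_ENV='printf "%s" "${CLASSPATH:-<unset>}"'
# Child that takes the value from $1 and exports it itself (the comment 3 approach).
CHILD_ARG='CLASSPATH="$1"; export CLASSPATH; printf "%s" "$CLASSPATH"'

# Case 1: environment inherited, which is what the init script relied on.
inherit_env() {
    CLASSPATH="$1" sh -c "$CHILD_ENV"
}

# Case 2: environment reset, as with "Defaults env_reset": the variable is gone.
reset_env() {
    CLASSPATH="$1" env -i PATH="$PATH" sh -c "$CHILD_ENV"
}

# Case 3: environment reset, value handed over as a positional argument.
# Nothing from the caller's environment crosses the privilege boundary.
reset_env_with_arg() {
    env -i PATH="$PATH" sh -c "$CHILD_ARG" sh "$1"
}

# Case 4: environment reset except for one explicitly allowed variable,
# analogous to an env_keep entry rather than turning env_reset off.
reset_env_keep() {
    env -i PATH="$PATH" CLASSPATH="$1" sh -c "$CHILD_ENV"
}

CP="/opt/example/freenet.jar:/opt/example/freenet-ext.jar"   # constructed sample value
for f in inherit_env reset_env reset_env_with_arg reset_env_keep; do
    printf '%-20s %s\n' "$f" "$($f "$CP")"
done
```

Cases 3 and 4 keep the reset in place and let through only the one value the service needs, whereas disabling env_reset lets the caller's whole environment through.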
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2007-03-08 23:38:36 UTC
Blah; dead.

*** This bug has been marked as a duplicate of bug 72996 ***