Since upgrading at (along with lots of other things), trying to use at as a normal user gives the following error: Cannot create atjob file /var/spool/at/atjobs/a0000e0136cd29: Permission denied (the exact filename varies) Possibly relevant info: """ $ ls -ld /var/spool/at/atjobs drwx------ 2 at at 4096 2008-09-21 22:56 /var/spool/at/atjobs/ $ ls -l `which at` -rwsr-s--x 1 at at 42688 2008-09-16 14:27 /usr/bin/at* $ groups | grep -l '\<at\>' (standard input) """ Reproducible: Always Steps to Reproduce:
Furthermore, running at as root gives no error, but the command does not get run at the requested time. A line like the following appears in /var/log/messages: Sep 21 22:56:00 gonzales atd[8638]: Job 12 a0000c0136c784 - groupid 0 does not match file gid 25
Created attachment 166134 [details] sys-process/at-3.1.10.1 uses PAM - missing config From discussion in bug #229203: It looks like the new version detects and uses PAM, although there is no IUSE="pam" in the ebuild. The attached /etc/pam.d/atd worked for me.
Using the above attached /etc/pam.d/atd has no effect. Incidentally: I don't know whether the following is any use, but it might be: """ $ strace -o strace_output at now warning: commands will be executed using /bin/sh Cannot open lockfile /var/spool/at/atjobs/.SEQ: Permission denied $ tail strace_output ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3661, ...}) = 0 write(2, "warning: commands will be execute"..., 49) = 49 rt_sigaction(SIGINT, {0x8049710, [], 0}, NULL, 8) = 0 setreuid32(1001, 1001) = 0 setregid32(100, 100) = 0 open("/var/spool/at/atjobs/.SEQ", O_WRONLY) = -1 EACCES (Permission denied) write(2, "Cannot open lockfile /var/spool/a"..., 66) = 66 exit_group(1) = ? """ (note that the error is different when at is run in strace; I'm not really sure what that means.)
(In reply to comment #2) > Created an attachment (id=166134) [edit] > sys-process/at-3.1.10.1 uses PAM - missing config > > From discussion in bug #229203: > > It looks like the new version detects and uses PAM, although there is no > IUSE="pam" in the ebuild. > > The attached /etc/pam.d/atd worked for me. > That has nothing to do with this bug since this bug has nothing to do with PAM. (I don't have PAM installed and won't be installing it).
The problem with the permissions seems to actually be with the at binary itself, rather than the /var/spool/at/atjobs/ directory itself. With sys-process/at-3.1.8-r12 you get -rws--x--x for /usr/bin/at And with sys-process/at-3.1.10.1 you get -rwsr-s--x for /usr/bin/at
(In reply to comment #5) > The problem with the permissions seems to actually be with the at binary > itself, rather than the /var/spool/at/atjobs/ directory itself. > > With sys-process/at-3.1.8-r12 you get > -rws--x--x for /usr/bin/at > > And with sys-process/at-3.1.10.1 you get > -rwsr-s--x for /usr/bin/at Changing the permissions won't do any good for me (also installing the atd-file in /etc/pam.d). The only way for me to get a working at is to install at-3.1.8-r12 (and masking at-3.1.10.1).
a fix for this is in at-3.1.10.2. please reopen if problem persists... thank you.
Still reproduces. $ at 11:50pm warning: commands will be executed using /bin/sh Cannot create atjob file /var/spool/at/atjobs/a000020139afde: Permission denied $ emerge --info Portage 2.2_rc23 (default/linux/x86/2008.0, gcc-4.3.3, glibc-2.9_p20081201-r1, 2.6.28-gentoo-r1 i686) ================================================================= System uname: Linux-2.6.28-gentoo-r1-i686-Intel-R-_Core-TM-2_CPU_6420_@_2.13GHz-with-glibc2.0 Timestamp of tree: Sun, 01 Feb 2009 05:30:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p48 dev-java/java-config: 1.3.7-r1, 2.1.7 dev-lang/python: 2.5.4-r2 dev-util/ccache: 2.4-r8 dev-util/cmake: 2.6.2-r1 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.2 sys-apps/sandbox: 1.3.3 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.19 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=core2 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/4.2/env /usr/kde/4.2/share/config /usr/kde/4.2/shutdown /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=core2 -O2 -pipe -fomit-frame-pointer" DISTDIR="/data/distfiles" FEATURES="ccache collision-protect distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="ftp://mirrors.tera-byte.com/pub/gentoo" LANG="C" LDFLAGS="-Wl,-O1 -Wl,--hash-style=gnu -Wl,--sort-common" LINGUAS="en_US" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac aalib acl alsa amr bash-completion berkdb bluetooth branding bzip2 cddb cdr cdrw cli cracklib crypt cups dbus dri dts dvd dvdnav dvdread encode flac fontconfig fortran gdbm gif glib gnome gpm gstreamer gtk hal htmlhandbook iconv inotify ipv6 isdnlog jpeg jpeg2k kde kdehiddenvisibility kdeprefix midi mmx mp2 mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp oss pcre perl png pppd python qt4 readline reflection scanner sdl session spell spl sse sse2 ssl ssse3 svg symlink sysfs tcpd theora tiff truetype unicode usb vcd vorbis win32codecs wma wmf x264 x86 xcomposite xml xorg xulrunner xv xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard evdev mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_US" USERLAND="GNU" VIDEO_CARDS="nvidia none" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
ok. can you give the results of the following commands? you will have to run them as root.... ls -la /var/spool/at/ ls -la /var/spool/at/atjobs ls -la /var/spool/at/atspool thanks. here is what above commands result in on my machine (where at works - with and without pam) marsupilami ~ # ls -la /var/spool/at/atjobs/ total 12 drwxrwx--T 2 at at 4096 2009-01-31 20:05 . drwxr-xr-x 4 root root 4096 2009-01-31 19:59 .. -rw------- 1 at at 6 2009-01-31 20:04 .SEQ marsupilami ~ # ls -la /var/spool/at/atspool/ total 8 drwxrwx--T 2 at at 4096 2009-01-31 20:05 . drwxr-xr-x 4 root root 4096 2009-01-31 19:59 .. marsupilami ~ # ls -la /var/spool/at/ total 16 drwxr-xr-x 4 root root 4096 2009-01-31 19:59 . drwxr-xr-x 5 root root 4096 2009-01-31 19:59 .. drwxrwx--T 2 at at 4096 2009-01-31 20:05 atjobs drwxrwx--T 2 at at 4096 2009-01-31 20:05 atspool if yours look differently, try unmerging at, removing /var/spool/at and subdirs and merging it again. thanks.
(In reply to comment #9) > if yours look differently, try unmerging at, removing /var/spool/at and subdirs > and merging it again. That did the trick for me :-)
(In reply to comment #9) > if yours look differently, try unmerging at, removing /var/spool/at and subdirs > and merging it again. > thanks. > But shouldn't the directories be checked for correct permissions by the ebuild? Surely, giving them the correct permissions shouldn't only happen when the directories don't exist. That said, the workaround worked.
you are right - a workaround for bug #141619 is in the works. thanks for the feedback.
sys-process/at-3.1.10.2-r1 forces correct directory permission (and fixes a pam bug). thanks for the feedback.