Comment 1 Diego Elio Pettenò (RETIRED) 2009-04-25 17:39:02 UTC

For what PAM is concerned, so point (2), I don't think that pam_permit line is going to help us at all, if anything it's going to be worse. Please note that the Red Hat bug you point to shows a completely different PAM setup than ours.

Unfortunately we have currently no officially-supported LDAP setup for Gentoo Linux so I'd have to ask you to post your system-auth configuration; that's probably a different bug though so please report it separately.

Comment 2 Alex Legler (RETIRED) 2009-04-26 08:50:46 UTC

(In reply to comment #0)
> 1) When sys-process/at-3.1.10.2-r1 is compiled with USE=-pam ALL JOBS ARE RUN
> AS ROOT instead of the caller!
> 
> To reproduce:
> # echo 'touch /tmp/test' | sudo -u games at now
> # ls -l /tmp/test

I cannot reproduce this:
alex@neon ~ $ echo "whoami > /tmp/atuser" | sudo -u rbot at now
warning: commands will be executed using /bin/sh
job 6 at Sun Apr 26 10:31:00 2009
alex@neon ~ $ cat /tmp/atuser 
rbot

(The games user is by default not even allowed to create at jobs...)

> 2) If at is compiled with USE=pam then users that are listed only in
> /etc/passwd don't work. Ldap-users do work. Explanation of reasons in
> https://bugzilla.redhat.com/show_bug.cgi?id=150131
> 

Again, using the rbot user (no LDAP on my system), it "works".

Assigning to correct component, resetting priority and severity until we can confirm this.

Comment 3 Lars Wendler (Polynomial-C) (RETIRED) 2009-04-26 10:48:05 UTC

*** Bug 267498 has been marked as a duplicate of this bug. ***

Comment 4 Alex Legler (RETIRED) 2009-08-16 23:00:43 UTC

After trying to reproduce issue 1) again on another installation which did not work, I'll close this bug.

If you can produce further evidence that this is a reproducible issue, please reopen this bug.