Bug 5588 – Can't su to root from jack when observing automated installation on client side

Bug 5588 - Can't su to root from jack when observing automated installation on client side


Summary:	Can't su to root from jack when observing automated installation on client side

Status:	RESOLVED FIXINSOURCE

Product:	installer
Component:	services
Version:	unspecified
Platform:	ANY/Generic OpenSolaris

Importance:	P2 major (vote)
Target Milestone:	2009.04
Assigned To:	Jan Damborsky
QA Contact:

URL:
Whiteboard:	rn4 jsc-qa
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2008-12-03 01:51 UTC by Rudolf Kutina
Modified:	2009-02-05 10:56 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description Rudolf Kutina 2008-12-03 01:51:25 UTC

Start AI install, log as jack/jack , I can observer installation, but when I
wont to su to root to make more observations and after restart system I got:

su - root
opensolaris 

su - 
opensolaris 

No such id 

We must write in docs then AI Live CD don't have root role, but real user, so
initial; login is as user: root , passwd: opensolaris

If we wont to keep initial root login as feature , I recommend to change efaul
user jack to metinh else in AI Live CD so user will be forced to read docs by
getting error when they try to apply login procedures from OpenSolaris Live CD
image.

Comment 1 Jan Damborsky 2008-12-03 02:34:43 UTC

Currently, if user wants to obtain root privileges when observing automated
installation, it is necessary to login as root/opensolaris from console.
su(1M) doesn't work - it needs to be evaluated.

Comment 2 Jan Damborsky 2009-02-05 03:47:00 UTC

The problem is caused by the fact that /usr filesystem is mounted
with 'nosuid' option:

jack@opensolaris:~$ su -
Password: 
su: Unknown id: root

jack@opensolaris:~$ tail /var/adm/messages 
...
Feb  5 03:18:08 opensolaris genunix: [ID 809163 kern.info] NOTICE: su, uid
65432: setuid execution not allowed, dev=9300000001

jack@opensolaris:~$ which su
/usr/bin/su

jack@opensolaris:~$ ls -l /usr/bin/su
-r-sr-xr-x 1 root sys 39620 Feb  5 00:50 /usr/bin/su

$ mount -p | grep /usr
/tmp/solaris.zlib - /usr hsfs - no ro,nosuid,noglobal,maplcase,rr,traildot

Following 'mount' command is used to mount /usr filesystem in live-fs-root
script:

...
/sbin/mount -F hsfs /tmp/solaris.zlib /usr
...

The issue is that when mount(1M) is invoked to directly mount file,
'nosuid' is enforced:

...
     For file system types that support it, a file can be mounted
     directly as a file system by specifying the full path to the
     file as the special argument.  In such a  case,  the  nosuid
     option is enforced. If specific file system support for such
     loopback file mounts is  not  present,  you  can  still  use
     lofiadm(1M)  to  mount a file system image. In this case, no
     special options are enforced.
...

Comment 3 Jan Damborsky 2009-02-05 03:50:25 UTC

fix:

/usr filesystem will be mounted taking advantage of lofiadm(1M) command. In
this
case, no mount options are enforced:

...
usr_lofi_dev=`/usr/sbin/lofiadm -a /tmp/solaris.zlib`
/sbin/mount -F hsfs -o ro $usr_lofi_dev /usr
...

The same approach taken for LiveCD case.

Comment 4 Jan Damborsky 2009-02-05 10:56:11 UTC

fixed in changeset:
436c9b5e8ac09fa83bc91c9fd26f319c471ad4e0