Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 287305

Summary: [dstore] Need to set proper uid for commands when using SecuredThread and single server for multiple clients
Product: [Tools] Target Management Reporter: Violaine Batthish <batthish>
Component: RSEAssignee: David McKnight <dmcknigh>
Status: RESOLVED FIXED QA Contact: Martin Oberhuber <mober.at+eclipse>
Severity: normal    
Priority: P3 CC: ankitp, dmcknigh
Version: unspecified   
Target Milestone: 3.2 M6   
Hardware: PC   
OS: Windows XP   
Whiteboard:
Bug Depends on:    
Bug Blocks: 290843    
Attachments:
Description Flags
patch to support su when client id is different from actual id
none
patch with update to handle bash shells better
none
patch updated again
none
patch update
none
updated patch based on requirements for violaine none

Description Violaine Batthish CLA 2009-08-21 10:41:13 EDT 
When SecuredThread is run to start a new dstore for a single process servicing multiple users, setThreadSecurity is run, which handles file permissions (on Linux), but when a command or command shell is run (CommandMinerThread), because a new process is spawned using System.exec, on Linux, this means that the ui and gid are inherited.  
In this case when the new process is spawned for running a command or the command shell, the su command should be run to ensure that the correct uid and gid are in effect.
Comment 1 Violaine Batthish CLA 2009-09-29 14:17:11 EDT 
So as discussed, a check in the CommandMinerThread needs to be made to see if the user for the client dstore matches that of the process.  If not then su should be run.

Here is a sample file.  It should be put into CommandMinerThread before the check for custom shell invocation.

// if the user id in the client doesn't match the user name of the process
// we should ensure that the shell is started with the correct user id
if (!_dataStore.getClient().getUserid().equals(_dataStore.getClient()
        .getProperty("user.name"))) 
     theShell = "su "+_dataStore.getClient()+" -c "+theShell;  


This fix will be needed for 3.0.3+
Comment 2 David McKnight CLA 2009-09-30 11:42:42 EDT 
Created attachment 148439 [details]
patch to support su when client id is different from actual id

Violaine, could you try this patch out?
Comment 3 David McKnight CLA 2009-10-07 15:40:04 EDT 
Created attachment 149039 [details]
patch with update to handle bash shells better
Comment 4 David McKnight CLA 2009-10-07 15:53:43 EDT 
Created attachment 149046 [details]
patch updated again
Comment 5 David McKnight CLA 2009-10-07 16:13:13 EDT 
Created attachment 149052 [details]
patch update
Comment 6 David McKnight CLA 2009-10-09 16:39:58 EDT 
Created attachment 149278 [details]
updated patch based on requirements for violaine
Comment 7 David McKnight CLA 2009-10-15 10:46:36 EDT 
I've committed the patch to cvs.