Bug 16356

Summary: 01msec.sh causes "-bash: TMOUT: readonly variable" error message
Product: Mageia Reporter: Bit Twister <bittwister2>
Component: RPM PackagesAssignee: Mageia tools maintainers <mageiatools>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: cae, curtis_mageia, dvgevers, ftg, jani.valimaa, krnekit, mageia, mageia, ngompa13, rfox, shlomif, yvesbrungard
Version: CauldronKeywords: 6sta2
Target Milestone: ---   
Hardware: All   
OS: Linux   
See Also: https://bugs.mageia.org/show_bug.cgi?id=22317
Whiteboard: MGA5TOO,MGA6TOO
Source RPM: msec-2.5-1.mga7.src.rpm CVE:
Status comment:

Description Bit Twister 2015-07-12 14:36:19 CEST 
Description of problem:

/etc/profile.d/01msec.sh causes "-bash: TMOUT: readonly variable" error message

Version-Release number of selected component (if applicable):


How reproducible: always


Steps to Reproduce:

You need steps 1 - 4  workaround to bypass bug 14778

1. click up a terminal
2. su - root
3. ln -s /etc/security/shell /etc/sysconfig/shell
4. exit
5. su - $USER

Result should be
$ su - $USER
Password: 
-bash: TMOUT: readonly variable



#**************** note **************

grep 500 /etc/profile.d/*


Should those be changed to UID_MIN value as seen in
grep UID_MIN /etc/login.defs



Reproducible: 

Steps to Reproduce:
Bit Twister 2016-07-06 20:20:17 CEST

Summary: 01msec.sh causes "-bash: TMOUT: readonly variable" error message => 6_s1: 01msec.sh causes "-bash: TMOUT: readonly variable" error message
Source RPM: msec-1.11-2.mga5.src.rpm => msec-2.1-1.mga6.src.rpm

Comment 1 Samuel Verschelde 2016-11-01 13:44:19 CET 
Assigning to Mageia Tools maintainer group. 

To the bug reporter: is this issue still present in cauldron?

Assignee: bugsquad => mageiatools

Comment 2 Bit Twister 2016-11-01 14:36:01 CET 
Yes I believe so.

 /etc/profile.d/10tmpdir.sh
is checking /etc/sysconfig/shell instead of /etc/security/shell where SECURE_TMP=yes set via mcc->Security->Configure system security, permissions and audit->Security settings->System security

Running step 3 is a workaround until /etc/profile.d/10tmpdir.sh is fixed.

My install change script disabled the problem but something put it back.
$ cat /etc/security/shell 
ALLOW_CURDIR_IN_PATH=no
UMASK_ROOT=022
SECURE_TMP=yes
#TMOUT=0
UMASK_USER=022
TMOUT=0

Which causes triggers the TMOUT message.
[bittwister@wb ~]$ su - $USER
Password: 
-bash: TMOUT: readonly variable
Samuel Verschelde 2016-11-01 15:54:11 CET

Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO

Comment 3 Bit Twister 2017-01-23 20:18:37 CET 
working in 6 sta2

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 Bit Twister 2017-01-27 12:24:26 CET 
Sorry, I forgot one of install scripts patched the problem. Something reset my settings and shows the problem still exists.

$ diff -bBw /var/local/data/sys_audit/shell /etc/security/shell
3c3
< SECURE_TMP=no
---
> SECURE_TMP=yes
5a6
> TMOUT=0

Status comment: (none) => 6_s2
Status: RESOLVED => REOPENED
Resolution: FIXED => (none)
Summary: 6_s1: 01msec.sh causes "-bash: TMOUT: readonly variable" error message => 01msec.sh causes "-bash: TMOUT: readonly variable" error message
Source RPM: msec-2.1-1.mga6.src.rpm => msec-2.2-1.mga6.src.rpm

Bit Twister 2017-01-31 18:33:25 CET

Keywords: (none) => 6sta2
Status comment: 6_s2 => (none)

papoteur 2018-01-02 10:31:15 CET

CC: (none) => yves.brungard_mageia
Source RPM: msec-2.2-1.mga6.src.rpm => initscripts

Comment 5 Bit Twister 2018-01-02 12:08:08 CET 
Unless you can show me otherwise I believe the Source RPM: field should contain the rpm containing the file in question.

Source RPM: initscripts => msec-2.5-1.mga7.src.rpm
Whiteboard: MGA5TOO => MGA5TOO,MGA6TOO

Comment 6 papoteur 2018-01-03 08:03:00 CET 
(In reply to Bit Twister from comment #5)
> Unless you can show me otherwise I believe the Source RPM: field should
> contain the rpm containing the file in question.

Yes, this is why I changed it:
urpmf 10tmpdir.sh
initscripts:/etc/profile.d/10tmpdir.sh

You said:
> Running step 3 is a workaround until /etc/profile.d/10tmpdir.sh is fixed.
Comment 7 Bit Twister 2018-01-03 10:57:25 CET 
But the typeset code causing the message is in /etc/profile.d/01msec.sh  :)

 grep TMOUT /etc/profile.d/01msec.sh
[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT
Marja Van Waes 2018-01-05 11:38:41 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=22317

Comment 8 Frank Griffin 2018-01-05 13:41:38 CET 
*** Bug 22317 has been marked as a duplicate of this bug. ***

CC: (none) => ftg

Nikita Krupenko 2018-01-07 00:16:05 CET

CC: (none) => krnekit

Comment 9 Robert Fox 2018-01-20 15:58:05 CET 
Issue still exists as of latest Cauldron

CC: (none) => rfox

Neal Gompa 2018-01-25 17:48:41 CET

CC: (none) => ngompa13

Comment 10 Jani Välimaa 2018-01-25 19:56:39 CET 
The problem is that 01msec.sh sources /etc/security/shell and sets TMOUT to readonly. Then 10tmpdir.sh sources /etc/security/shell again, but as TMOUT is already readonly bash outputs an error.

One option is to rename 01msec.sh such way that it's called after 10tmpdir.sh, but I guess there's a reason for its name. To run it at the very beginning.

CC: (none) => jani.valimaa

Comment 11 Charles Edwards 2018-02-04 23:07:21 CET 
If it is bothersome and you want it to disappear simply comment out its entry in /etc/profile.d/01msec.sh


(bottom portion from 01msec.sh example)

export SECURE_LEVEL
#prevent TMOUT
#[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT

# msec.sh ends here

CC: (none) => cae

Dick Gevers 2018-02-05 10:12:18 CET

CC: (none) => dvgevers

Comment 12 Shlomi Fish 2018-03-06 17:41:58 CET 
Adding myself to the CC because this bug bothers me too.

CC: (none) => shlomif

Comment 13 papoteur 2018-03-08 14:34:36 CET 
(In reply to Charles Edwards from comment #11)
> If it is bothersome and you want it to disappear simply comment out its
> entry in /etc/profile.d/01msec.sh
> 
> 
> (bottom portion from 01msec.sh example)
> 
> export SECURE_LEVEL
> #prevent TMOUT
> #[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT
> 
> # msec.sh ends here

I plan to release msec.
Should I include this modifications, thus deleting these lines?
Or renaming 01msec.sh in 01tmsec.sh to execute it after 01tmpdir.sh?
Comment 14 Charles Edwards 2018-03-09 08:38:38 CET 
If its inclusion serves a useful purpose I would say change it to run after
01tmpdir.sh.

Personally, I see no purpose and on this system I commented out the entries.
Comment 15 Olivier Blin 2018-03-29 09:32:28 CEST 
Can't we just factorize /etc/security/shell sourcing in an earlier profile.d script?

CC: (none) => mageia

Curtis Hildebrand 2018-05-22 07:42:45 CEST

CC: (none) => curtis_mageia

Comment 16 Frank Griffin 2018-06-24 05:53:09 CEST 
Ping ?
Comment 17 Raphael Gertz 2018-09-02 22:56:10 CEST 
I fixed resourcing of /etc/security/shell in profile.d script by associating it sourcing with a SECSHELL variable.

The problem should be considered fixed when initscripts-9.78-6.mga7 and msec-2.6-4.mga7 reach cauldron mirrors.

I fixed /etc/profile.d/{01msec.sh,10tmpdir.sh} for this resourcing if other scripts are affected feel free to use this new block in it :

if [ -z "$SECSHELL" -a -r /etc/security/shell ]; then
    . /etc/security/shell
    export SECSHELL=1
fi

Best regards

Status: REOPENED => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED