Skip to content
Advertisement

Google Cloud Pub/Sub C++ Client: Authentication Failure When Binary Has setuid (root) [CentOS7]

The application (bin) loads the (service account) credentials fine when it has “normal” permissions. This is the run script:

JavaScript

However when bin permission are changed:

JavaScript

I get this error:

E1003 10:02:07.563899584 60263 credentials_generic.cc:35] Could not get HOME environment variable. E1003 10:02:10.563621247 60263 google_default_credentials.cc:461] Could not create google default credentials: UNKNOWN:creds_path unset {created_time:”2022-10-03T10:02:07.563943484+09:00″}

Any advice would be appreciated.

Thanks.

Advertisement

Answer

As far as I can tell, this is expected behavior for gRPC. gRPC uses secure_getenv() to get all environment variables. In your case, that means the gRPC ignores the GOOGLE_APPLICATION_CREDENTIALS set.

You may need to change your application to use explicit service account credentials. Something like:

JavaScript
User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement