Здравствуйте, KES.

Вы писали 21 декабря 2008 г., 13:49:04:

K> Здравствуйте, Mel.

K> Вы писали 21 декабря 2008 г., 13:10:47:

M>> On Thursday 18 December 2008 09:03:54 KES wrote:
>>> Здравствуйте, Mel.
>>>
>>> Вы писали 18 декабря 2008 г., 9:05:35:
>>>
>>> M> On Wednesday 17 December 2008 21:02:07 KES wrote:
>>> >> Здравствуйте, Mel.
>>> >>
>>> >> Вы писали 17 декабря 2008 г., 9:11:19:
>>> >>
>>> >> M> On Sunday 14 December 2008 16:11:17 KES wrote:
>>> >> >> Здравствуйте, Polytropon.
>>> >> >>
>>> >> >> Вы писали 14 декабря 2008 г., 15:11:35:
>>> >> >>
>>> >> >> P> On Sun, 14 Dec 2008 12:58:55 +0100 (CET), Wojciech Puchar
>>> >> >>
>>> >> >> P> <woj...@wojtek.tensor.gdynia.pl> wrote:
>>> >> >> >> > su: Sorry
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > kes# pw user mod svn -s /bin/bash
>>> >> >> >> > kes# pw user show svn
>>> >> >> >> > svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>>> >> >> >> > kes# /usr/local/etc/rc.d/svnserve start
>>> >> >> >> > Starting svnserve.
>>> >> >> >> > su: Sorry
>>> >> >> >>
>>> >> >> >> try to change directory to existent
>>> >> >>
>>> >> >> P> (1) What's /bin/bash? Check existing shell.
>>> >> >>
>>> >> >> P> (2) As you said: Check existing directory.
>>> >> >>
>>> >> >> P> (3) Regarding su, check for wheel group inclusion.
>>> >> >>
>>> >> >> home# uname -a
>>> >> >> FreeBSD home.kes.net.ua 7.0-STABLE FreeBSD 7.0-STABLE #0: Tue Aug 12
>>> >> >> 02:11:24 EEST 2008    
>>> >> >> k...@kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386 home# pw user
>>> >> >> show svn
>>> >> >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
>>> >> >>
>>> >> >> As you can see on 'home' machine svn user has no valid shell also it
>>> >> >> has not valid home directory and it is not included into wheel group
>>> >> >>
>>> >> >> But svnserve is started and works fine. With same settings svnserve
>>> >> >> does not work on
>>> >> >> kes# uname -a
>>> >> >> FreeBSD kes.net.ua 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #: Sun Nov
>>> >> >> 23 17:19:12 EET 2008
>>> >> >> k...@home.kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386
>>> >>
>>> >> M> echo 'rc_debug="YES"'>>/etc/rc.conf
>>> >> M> /usr/local/etc/rc.d/svnserve start
>>> >>
>>> >> M> Show output from /var/log/messages.
>>> >>
>>> >> kes# kes# /usr/local/etc/rc.d/svnserve start
>>> >> /usr/local/etc/rc.d/svnserve: DEBUG: checkyesno: svnserve_enable is set
>>> >> to YES. Starting svnserve.
>>> >> /usr/local/etc/rc.d/svnserve: DEBUG: run_rc_command: doit: su -m svn -c
>>> >> 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690 --foreground -r
>>> >> /var/db/trunk"' su: Sorry
>>>
>>> M> Does this command work from the command line?
>>> M> If not, does it work if called as su -fm rather then su -m?
>>> M> If that does not work, does the primary group svn is supposed to be in
>>> exist?
>>>
>>>
>>> kes# su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690
>>> --foreground -r /var/db/trunk"' su: Sorry
>>> kes# su -fm svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690
>>> --foreground -r /var/db/trunk"' su: Sorry
>>> kes# pw group show svn
>>> svn:*:1005:
>>> kes# cat /etc/group | grep svn
>>> svn:*:1005:
>>> kes# pw user show svn
>>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>>>
>>> As you see it does not work also with -fm option
>>>
>>>
>>> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail below)
>>> Notice that on both system account is locked, has no valid shell and
>>> home directory
>>> on FreeBSD 7.0 when I try to login with svn user it says: This account is
>>> currently not available. on FreeBSD 7.1 when I try to login with svn user
>>> it says: su: Sorry Maybe there is a problem with su on FreeBSD 7.1?
>>>
>>>
>>>
>>> home# pw user show svn
>>> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
>>> home# su svn
>>> This account is currently not available.
>>>
>>>
>>> kes# pw user show svn
>>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>>> kes# su svn
>>> su: Sorry
>>> kes# pw user mod svn -s /usr/bin/nologin
>>> kes# pw user show svn
>>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin
>>> kes# su svn
>>> su: Sorry

M>> The problem is elsewhere. Probably in pam(3) on the faulty machine. The only
M>> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There are 3
M>> instances where su exits with "Sorry". All occasions are logged to syslog.
M>> Can you dig those log entries up?

K> Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5
K> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable is 
set to YES.
K> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: run_rc_command: doit:
K> su -m svn -c 'sh -c "/usr/local/bin/svnserve -d
K> --listen-port=3690 --foreground -r /var/db/trunk"'
K> Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error

K> Yeah, there is problem with pam. Why pam restrict root to run command
K> under other user?

Strange, but mysql works... ((

kes# /r/mysql-server start
/r/mysql-server: DEBUG: checkyesno: mysql_enable is set to YES.
/r/mysql-server: DEBUG: pid file (/var/db/mysql/kes.net.ua.pid): not readable.
/r/mysql-server: DEBUG: run_rc_command: start_precmd: mysql_prestart
/r/mysql-server: DEBUG: checkyesno: mysql_limits is set to NO.
Starting mysql.
/r/mysql-server: DEBUG: run_rc_command: doit: su -m mysql -c 'sh -c 
"/usr/local/bin/mysqld_safe  --defaults-extra-file=/var/db/mysql/my.cnf 
--user=mysql --datadir=/var/db/mysql --pid-file=/var/db/mysql/kes.net.ua.pid  > 
/dev/null 2>&1 &"'
/r/mysql-server: DEBUG: run_rc_command: start_postcmd: mysql_poststart


-- 
С уважением,
 KES                          mailto:kes-...@yandex.ru

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to