I just spent hours learning how PAM works... I found that this will happen if S_NICE is set to anything above 0, _and_ pam_limits.so is enabled (default on fedora core 1).
Looking at pam_limits.c, it has this code in setup_limits() which is probably where the trouble happens: if (uid == 0) { [SNIP] pl->priority = 0; } [SNIP] status = setpriority(PRIO_PROCESS, 0, pl->priority); if (status != 0) { retval = LIMIT_ERR; } So it looks like pam_limits will try to set your priority to 0 if you're root. (Should this be considered a pam_limits bug?) So the solution is either: 1. not to use S_NICE 2. comment out pam_limits.so from both /etc/pam.d/sshd and /etc/pam.d/system-auth Grisha On Mon, 8 Mar 2004, Gregory (Grisha) Trubetskoy wrote: > > I saw this posting earlier on: > > http://www.paul.sladen.org/vserver/archives/200309/0176.html > > And I am seeing the same problem: > > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req shell > debug1: PAM setting tty to "/dev/pts/0" > PAM session setup failed[6]: Permission denied > debug1: Calling cleanup 0x8059c20(0x8090c20) > debug1: session_pty_cleanup: session 0 release /dev/pts/0 > > > Kernel 2.4.25, vserver 1.26 with ctx disk limit patches (though I don't > think that matters). The os both outside and inside the vserver is RH > Fedora 1. > > I've found that a workaround is to restart sshd in the vserver after > starting it, e.g.: > > # vserver blah start > [...] > # vserver blah exec service sshd restart > > ...but other than that I've spent quite a bit of time looking at things > and I can't find what's causing this problem. What might be the difference > between sshd being started from init, vs doing later? > > Has anyone else seen this? > > Thanks, > > Grisha > > > _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver