Does anyone know of a way to trace system calls made by UV as a non-root user? Here's the problem we have:
UV on RH ES 5.1 joined to a W2K3 native mode AD domain. We have an AD issue that causes UV to either fail to execute, or die before the user can enter the environment. This doesn't happen to all users, and appears to be random, but affects more users over time. Usually a user can get into UV eventually after repeated attempts. Once they're logged in, everything's fine.

The current UV server has been in production for over a year with no AD issues. Nothing has changed on the UV server. Prior to that we ran UV on RH AS 3.0 joined to the same domain for 3+ years without issue. We virtualized one of our domain controllers on VMware ESX in October, and no issues between then and now.

Kerberos authentication always works. The user logs in OK at the OS level, but UV will not execute. I suspect a user or group permission problem, but at the OS level, all of the various AD connectivity validation methods work OK (id, wbinfo -i, wbinfo -u, wbinfo -g, getent passwd, getent group). The permissions on the UV directory are rwxrwxr-x, and the group ownership is the AD "domain users" group. I tried adding world write permissions in our development account, but that didn't help.

When this issue first happened a few weeks ago, rebooting all 3 domain controllers made the problem disappear for a little over 2 weeks. When it recurred, rebooting only the domain controllers didn't work, but rebooting them along with the UV server got us by for 4 days. The Windows admin also fixed an AD replication problem at that time.

RH ES 5.1 doesn't have strace installed. It has autrace, which is supposedly similar, but looks like it can only be run as root. I've verified that if I run UV as a local user, it will work. Our web app server uses a local user ID for UOJ connections, and the UOJ connections always work. I need some way to determine at what point the UV executable is dying to determine which system call is being affected by AD, and that requires executing it as an AD user.

Another thought I had for a workaround was to change the ownership of the UV executable to a local /etc/passwd user who has the domain users group #, and use chmod +s to make uv run as that user. Does anyone know if that would cause problems? Also, would anything break if I copied the uv executable to something like "uv_test" so I could try this with a test login and not affect the entire server?

Thanks,
John
