Здравствуйте, Mel.
Вы писали 21 декабря 2008 г., 13:10:47:
M> On Thursday 18 December 2008 09:03:54 KES wrote:
>> Здравствуйте, Mel.
>>
>> Вы писали 18 декабря 2008 г., 9:05:35:
>>
>> M> On Wednesday 17 December 2008 21:02:07 KES wrote:
>> >> Здравствуйте, Mel.
>> >>
>> >> Вы писали 17 декабря 2008 г., 9:11:19:
>> >>
>> >> M> On Sunday 14 December 2008 16:11:17 KES wrote:
>> >> >> Здравствуйте, Polytropon.
>> >> >>
>> >> >> Вы писали 14 декабря 2008 г., 15:11:35:
>> >> >>
>> >> >> P> On Sun, 14 Dec 2008 12:58:55 +0100 (CET), Wojciech Puchar
>> >> >>
>> >> >> P> <wojtek_at_wojtek.tensor.gdynia.pl> wrote:
>> >> >> >> > su: Sorry
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > kes# pw user mod svn -s /bin/bash
>> >> >> >> > kes# pw user show svn
>> >> >> >> > svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>> >> >> >> > kes# /usr/local/etc/rc.d/svnserve start
>> >> >> >> > Starting svnserve.
>> >> >> >> > su: Sorry
>> >> >> >>
>> >> >> >> try to change directory to existent
>> >> >>
>> >> >> P> (1) What's /bin/bash? Check existing shell.
>> >> >>
>> >> >> P> (2) As you said: Check existing directory.
>> >> >>
>> >> >> P> (3) Regarding su, check for wheel group inclusion.
>> >> >>
>> >> >> home# uname -a
>> >> >> FreeBSD home.kes.net.ua 7.0-STABLE FreeBSD 7.0-STABLE #0: Tue Aug 12
>> >> >> 02:11:24 EEST 2008
>> >> >> kes_at_kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386 home# pw user
>> >> >> show svn
>> >> >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
>> >> >>
>> >> >> As you can see on 'home' machine svn user has no valid shell also it
>> >> >> has not valid home directory and it is not included into wheel group
>> >> >>
>> >> >> But svnserve is started and works fine. With same settings svnserve
>> >> >> does not work on
>> >> >> kes# uname -a
>> >> >> FreeBSD kes.net.ua 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #: Sun Nov
>> >> >> 23 17:19:12 EET 2008
>> >> >> kes_at_home.kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386
>> >>
>> >> M> echo 'rc_debug="YES"'>>/etc/rc.conf
>> >> M> /usr/local/etc/rc.d/svnserve start
>> >>
>> >> M> Show output from /var/log/messages.
>> >>
>> >> kes# kes# /usr/local/etc/rc.d/svnserve start
>> >> /usr/local/etc/rc.d/svnserve: DEBUG: checkyesno: svnserve_enable is set
>> >> to YES. Starting svnserve.
>> >> /usr/local/etc/rc.d/svnserve: DEBUG: run_rc_command: doit: su -m svn -c
>> >> 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690 --foreground -r
>> >> /var/db/trunk"' su: Sorry
>>
>> M> Does this command work from the command line?
>> M> If not, does it work if called as su -fm rather then su -m?
>> M> If that does not work, does the primary group svn is supposed to be in
>> exist?
>>
>>
>> kes# su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690
>> --foreground -r /var/db/trunk"' su: Sorry
>> kes# su -fm svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690
>> --foreground -r /var/db/trunk"' su: Sorry
>> kes# pw group show svn
>> svn:*:1005:
>> kes# cat /etc/group | grep svn
>> svn:*:1005:
>> kes# pw user show svn
>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>>
>> As you see it does not work also with -fm option
>>
>>
>> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail below)
>> Notice that on both system account is locked, has no valid shell and
>> home directory
>> on FreeBSD 7.0 when I try to login with svn user it says: This account is
>> currently not available. on FreeBSD 7.1 when I try to login with svn user
>> it says: su: Sorry Maybe there is a problem with su on FreeBSD 7.1?
>>
>>
>>
>> home# pw user show svn
>> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
>> home# su svn
>> This account is currently not available.
>>
>>
>> kes# pw user show svn
>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>> kes# su svn
>> su: Sorry
>> kes# pw user mod svn -s /usr/bin/nologin
>> kes# pw user show svn
>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin
>> kes# su svn
>> su: Sorry
M> The problem is elsewhere. Probably in pam(3) on the faulty machine. The only
M> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There are 3
M> instances where su exits with "Sorry". All occasions are logged to syslog.
M> Can you dig those log entries up?
Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5
Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable is set to YES.
Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: run_rc_command: doit: su -m svn -c 'sh -c "/usr/local/bin/svnserve -d
--listen-port=3690 --foreground -r /var/db/trunk"'
Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error
Yeah, there is problem with pam. Why pam restrict root to run command
under other user?
--
С уважением,
KES mailto:kes-kes_at_yandex.ru
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=988841
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2008-12-22 17:13:21 CET