On Sunday 21 December 2008 12:49:04 KES wrote:
> Здравствуйте, Mel.
>
> Вы писали 21 декабря 2008 г., 13:10:47:
>
> M> On Thursday 18 December 2008 09:03:54 KES wrote:
> >> Здравствуйте, Mel.
> >>
> >> Вы писали 18 декабря 2008 г., 9:05:35:
> >>
> >> M> On Wednesday 17 December 2008 21:02:07 KES wrote:
<snip>
> >> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail
> >> below) Notice that on both system account is locked, has no valid shell
> >> and home directory
> >> on FreeBSD 7.0 when I try to login with svn user it says: This account
> >> is currently not available. on FreeBSD 7.1 when I try to login with svn
> >> user it says: su: Sorry Maybe there is a problem with su on FreeBSD 7.1?
> >>
> >>
> >>
> >> home# pw user show svn
> >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
> >> home# su svn
> >> This account is currently not available.
> >>
> >>
> >> kes# pw user show svn
> >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
> >> kes# su svn
> >> su: Sorry
> >> kes# pw user mod svn -s /usr/bin/nologin
> >> kes# pw user show svn
> >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin
> >> kes# su svn
> >> su: Sorry
>
> M> The problem is elsewhere. Probably in pam(3) on the faulty machine. The
> only M> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There
> are 3 M> instances where su exits with "Sorry". All occasions are logged to
> syslog. M> Can you dig those log entries up?
>
> Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5
> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable is
> set to YES. Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: run_rc_command:
> doit: su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690
> --foreground -r /var/db/trunk"'
> Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error
>
> Yeah, there is problem with pam. Why pam restrict root to run command
> under other user?
Is /etc/pam.d/su present and does it contain the line:
account include system
If so, the /etc/pam.d/system should contain:
# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
If this is all ok, I suggest rebuilding pam with OPENPAM_DEBUG defined, so
that you can see where things go wrong.
Just out of curiousity, if you install something like mysql or squid, those
users should be inaccessable for the same reason, cause I don't see anything
wrong with the svn user itself.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=989598
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2008-12-22 17:22:33 CET