I don't have a -l option in my su. Additionally, the su command is
called as part of the updatedb script which I would prefer not to have
to edit, if possible.
infowolfe wrote:
>try su -l nobody and then updatedb
>
>see what errors are dumped then.
>
>On 3/9/06, Russell Kliese <russell@eminence.com.au> wrote:
>
>
>>I have a problem with the find cron job inside a debian vserver.
>>
>>The find cron job runs the updatedb script as follows:
>>
>>#! /bin/sh
>>#
>># cron script to update the `locatedb' database.
>>#
>># Written by Ian A. Murdock <imurdock@debian.org> and
>># Kevin Dalley <kevin@aimnet.com>
>>
>>LOCALUSER="nobody"
>>export LOCALUSER
>>if [ -f /etc/updatedb.conf ]; then
>> . /etc/updatedb.conf
>>fi
>>
>>if getent passwd $LOCALUSER > /dev/null ; then
>> cd / && nice -n ${NICE:-10} updatedb 2>/dev/null
>> # cd / && updatedb 2>/dev/null
>>else
>> echo "User $LOCALUSER does not exist."
>> exit 1
>>fi
>>
>>The updatedb script tries to su to the nobody user, but this fails with
>>the following messages logged in /var/log/auth.log
>>
>>Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody
>>Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for user
>>nobody by root(uid=0)
>>Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission denied
>>
>>
>>If I comment in the line with the # in the above script (and comment out
>>the line above), things work fine (i.e. I don't get the
>>"pam_open_session: Permission denied" logged in the auth.log). So it
>>seems to be something to do with nice. Note that even if I remove the
>>"-n ${NICE:-10}" things still don't work.
>>
>>Would enabling CAP_SYS_NICE help in this case even though a lower
>>priority is being set? Or is there something else causing this problem?
>>
>>
>>
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Fri Mar 10 09:47:20 2006