let me just say one more time, if you can't run updatedb as nobody,
the problem is a permissions problem... you indicated that it fails
whether the nice line is there or not. that means that it's not an
issue with the vserver and an issue with your vserver guest's
permissions/configuration.
can you give me a hint as to which distribution you're running?
On 3/10/06, Russell Kliese <russell@eminence.com.au> wrote:
> I don't have a -l option in my su. Additionally, the su command is
> called as part of the updatedb script which I would prefer not to have
> to edit, if possible.
>
> infowolfe wrote:
>
> >try su -l nobody and then updatedb
> >
> >see what errors are dumped then.
> >
> >On 3/9/06, Russell Kliese <russell@eminence.com.au> wrote:
> >
> >
> >>I have a problem with the find cron job inside a debian vserver.
> >>
> >>The find cron job runs the updatedb script as follows:
> >>
> >>#! /bin/sh
> >>#
> >># cron script to update the `locatedb' database.
> >>#
> >># Written by Ian A. Murdock <imurdock@debian.org> and
> >># Kevin Dalley <kevin@aimnet.com>
> >>
> >>LOCALUSER="nobody"
> >>export LOCALUSER
> >>if [ -f /etc/updatedb.conf ]; then
> >> . /etc/updatedb.conf
> >>fi
> >>
> >>if getent passwd $LOCALUSER > /dev/null ; then
> >> cd / && nice -n ${NICE:-10} updatedb 2>/dev/null
> >> # cd / && updatedb 2>/dev/null
> >>else
> >> echo "User $LOCALUSER does not exist."
> >> exit 1
> >>fi
> >>
> >>The updatedb script tries to su to the nobody user, but this fails with
> >>the following messages logged in /var/log/auth.log
> >>
> >>Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody
> >>Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for user
> >>nobody by root(uid=0)
> >>Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission denied
> >>
> >>
> >>If I comment in the line with the # in the above script (and comment out
> >>the line above), things work fine (i.e. I don't get the
> >>"pam_open_session: Permission denied" logged in the auth.log). So it
> >>seems to be something to do with nice. Note that even if I remove the
> >>"-n ${NICE:-10}" things still don't work.
> >>
> >>Would enabling CAP_SYS_NICE help in this case even though a lower
> >>priority is being set? Or is there something else causing this problem?
> >>
> >>
> >>
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
>
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Fri Mar 10 10:10:48 2006