Re: [Vserver] Problem with nice inside a vserver

From: Russell Kliese <russell_at_eminence.com.au>
Date: Fri 10 Mar 2006 - 12:09:28 GMT
Message-ID: <44140.150.101.189.79.1141992568.squirrel@webmail.kliese.wattle.id.au>

> let me just say one more time, if you can't run updatedb as nobody,
> the problem is a permissions problem... you indicated that it fails
> whether the nice line is there or not.

I guess I didn't explain things too clearly. It _doesn't_ fail when I
don't use nice.

The following line fails (with "pam_open_session: Permission denied" in
the auth.log):

cd / && nice -n ${NICE:-10} updatedb 2>/dev/null

If I change the line to the following it doesn't fail:

cd / && updatedb 2>/dev/null

Also, updatedb runs as root. The updatedb drops down to the nobody user
(via su) to run the find command.

> can you give me a hint as to which distribution you're running?

Debian (sarge)

>
> On 3/10/06, Russell Kliese <russell@eminence.com.au> wrote:
>> I don't have a -l option in my su. Additionally, the su command is
>> called as part of the updatedb script which I would prefer not to have
>> to edit, if possible.
>>
>> infowolfe wrote:
>>
>> >try su -l nobody and then updatedb
>> >
>> >see what errors are dumped then.
>> >
>> >On 3/9/06, Russell Kliese <russell@eminence.com.au> wrote:
>> >
>> >
>> >>I have a problem with the find cron job inside a debian vserver.
>> >>
>> >>The find cron job runs the updatedb script as follows:
>> >>
>> >>#! /bin/sh
>> >>#
>> >># cron script to update the `locatedb' database.
>> >>#
>> >># Written by Ian A. Murdock <imurdock@debian.org> and
>> >># Kevin Dalley <kevin@aimnet.com>
>> >>
>> >>LOCALUSER="nobody"
>> >>export LOCALUSER
>> >>if [ -f /etc/updatedb.conf ]; then
>> >> . /etc/updatedb.conf
>> >>fi
>> >>
>> >>if getent passwd $LOCALUSER > /dev/null ; then
>> >> cd / && nice -n ${NICE:-10} updatedb 2>/dev/null
>> >> # cd / && updatedb 2>/dev/null
>> >>else
>> >> echo "User $LOCALUSER does not exist."
>> >> exit 1
>> >>fi
>> >>
>> >>The updatedb script tries to su to the nobody user, but this fails with
>> >>the following messages logged in /var/log/auth.log
>> >>
>> >>Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody
>> >>Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for user nobody by root(uid=0)
>> >>Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission denied
>> >>
>> >>
>> >>If I comment in the line with the # in the above script (and comment out
>> >>the line above), things work fine (i.e. I don't get the
>> >>"pam_open_session: Permission denied" logged in the auth.log). So it
>> >>seems to be something to do with nice. Note that even if I remove the
>> >>"-n ${NICE:-10}" things still don't work.
>> >>
>> >>Would enabling CAP_SYS_NICE help in this case even though a lower
>> >>priority is being set? Or is there something else causing this problem?

Received on Fri Mar 10 12:10:17 2006
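
Added example, not part of the original message or of the Debian or Linux-VServer code: two checks for narrowing down the report above, run inside the guest. One tests whether the current context holds CAP_SYS_NICE (the capability the question asks about), the other lists the su PIDs that logged the pam_open_session failure. The function names are hypothetical, and the sample log is the auth.log excerpt from the message with its wrapped line rejoined.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from any package.

CAP_SYS_NICE_BIT=23   # CAP_SYS_NICE is capability number 23 in <linux/capability.h>

# Succeeds if the hex capability mask (as printed in /proc/<pid>/status)
# has the CAP_SYS_NICE bit set.
mask_has_sys_nice() {
    [ $(( (0x$1 >> $CAP_SYS_NICE_BIT) & 1 )) -eq 1 ]
}

# Prints the effective capability mask of this context, or nothing if
# /proc is not readable.
current_capeff() {
    [ -r /proc/self/status ] && awk '$1 == "CapEff:" { print $2 }' /proc/self/status
}

# Reads auth.log lines on stdin and prints the PID of every su process
# that logged "pam_open_session: Permission denied".
failed_su_pids() {
    awk '/ su\[[0-9]+\]: pam_open_session: Permission denied/ {
        match($0, /su\[[0-9]+\]/)
        print substr($0, RSTART + 3, RLENGTH - 4)
    }'
}

# auth.log excerpt quoted in the message (wrapped line rejoined).
SAMPLE_LOG='Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody
Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for user nobody by root(uid=0)
Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission denied'

report() {
    mask=$(current_capeff || true)
    if [ -z "$mask" ]; then
        echo "CapEff not readable on this system"
    elif mask_has_sys_nice "$mask"; then
        echo "CapEff=$mask: CAP_SYS_NICE present"
    else
        echo "CapEff=$mask: CAP_SYS_NICE absent"
    fi
    printf '%s\n' "$SAMPLE_LOG" | failed_su_pids |
        sed 's/^/su PID with failed pam_open_session: /'
}

report
```

To check a live system, feed the real log to the second function, for example `failed_su_pids < /var/log/auth.log`.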