vserver development mailing list: Re: [Vserver] Problem with nice inside a vserver

From: Russell Kliese <russell_at_eminence.com.au>
Date: Sat 11 Mar 2006 - 13:44:47 GMT
Message-ID: <44258.150.101.189.79.1142084687.squirrel@webmail.kliese.wattle.id.au>

>> >> >> >On 3/9/06, Russell Kliese <russell@eminence.com.au> wrote:
>> >> >> >
>> >> >> >
>> >> >> >>I have a problem with the find cron job inside a debian vserver.
>> >> >> >>
>> >> >> >>The find cron job runs the updatedb script as follows:
>> >> >> >>
>> >> >> >>#! /bin/sh
>> >> >> >>#
>> >> >> >># cron script to update the `locatedb' database.
>> >> >> >>#
>> >> >> >># Written by Ian A. Murdock <imurdock@debian.org> and
>> >> >> >># Kevin Dalley <kevin@aimnet.com>
>> >> >> >>
>> >> >> >>LOCALUSER="nobody"
>> >> >> >>export LOCALUSER
>> >> >> >>if [ -f /etc/updatedb.conf ]; then
>> >> >> >> . /etc/updatedb.conf
>> >> >> >>fi
>> >> >> >>
>> >> >> >>if getent passwd $LOCALUSER > /dev/null ; then
>> >> >> >> cd / && nice -n ${NICE:-10} updatedb 2>/dev/null
>> >> >> >> # cd / && updatedb 2>/dev/null
>> >> >> >>else
>> >> >> >> echo "User $LOCALUSER does not exist."
>> >> >> >> exit 1
>> >> >> >>fi
>> >> >> >>
>> >> >> >>The updatedb script tries to su to the nobody user, but this
>> fails
>> >> >> with
>> >> >> >>the following messages logged in /var/log/auth.log
>> >> >> >>
>> >> >> >>Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody
>> >> >> >>Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for
>> >> user
>> >> >> >>nobody by root(uid=0)
>> >> >> >>Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission
>> >> denied
>> >> >> >>
>> >> >> >>
>> >> >> >>If I comment in the line with the # in the above script (and
>> >> comment
>> >> >> out
>> >> >> >>the line above), things work fine (i.e. I don't get the
>> >> >> >>"pam_open_session: Permission denied" logged in the auth.log).
>> So
>> >> it
>> >> >> >>seems to be something to do with nice. Note that even if I
>> remove
>> >> the
>> >> >> >>"-n ${NICE:-10}" things still don't work.
>
> what does the $NICE contain here? maybe a negative value?

$NICE is set to 10 in /etc/updatedb.conf, so -n ${NICE:-10} is the same as
-n 0.

> could you add some output to the log before that?

Sorry, I'm not sure what you mean.

>> >> >> >>Would enabling CAP_SYS_NICE help in this case even though a
>> lower
>> >> >> >>priority is being set? Or is there something else causing this
>> >> >> problem?

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sat Mar 11 13:45:10 2006