From owner-freebsd-questions@FreeBSD.ORG Mon Dec 22 10:05:18 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C81901065673 for ; Mon, 22 Dec 2008 10:05:18 +0000 (UTC) (envelope-from fbsd.questions@rachie.is-a-geek.net) Received: from mail.rachie.is-a-geek.net (rachie.is-a-geek.net [66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 92C548FC25 for ; Mon, 22 Dec 2008 10:05:18 +0000 (UTC) (envelope-from fbsd.questions@rachie.is-a-geek.net) Received: from localhost (mail.rachie.is-a-geek.net [192.168.2.101]) by mail.rachie.is-a-geek.net (Postfix) with ESMTP id B948EAFC1FF; Mon, 22 Dec 2008 01:05:14 -0900 (AKST) From: Mel To: freebsd-questions@freebsd.org, KES Date: Mon, 22 Dec 2008 11:04:53 +0100 User-Agent: KMail/1.9.7 References: <42213407.20081212101341@yandex.ru> <200812211210.48287.fbsd.questions@rachie.is-a-geek.net> <498807086.20081221134904@yandex.ru> In-Reply-To: <498807086.20081221134904@yandex.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200812221104.55946.fbsd.questions@rachie.is-a-geek.net> Cc: users@subversion.tigris.org Subject: Re: can not start SVNserve X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Dec 2008 10:05:18 -0000 On Sunday 21 December 2008 12:49:04 KES wrote: > =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel. > > =C2=FB =EF=E8=F1=E0=EB=E8 21 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 13:10:47: > > M> On Thursday 18 December 2008 09:03:54 KES wrote: > >> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel. > >> > >> =C2=FB =EF=E8=F1=E0=EB=E8 18 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 9:05:35: > >> > >> M> On Wednesday 17 December 2008 21:02:07 KES wrote: > >> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail > >> below) Notice that on both system account is locked, has no valid shell > >> and home directory > >> on FreeBSD 7.0 when I try to login with svn user it says: This account > >> is currently not available. on FreeBSD 7.1 when I try to login with svn > >> user it says: su: Sorry Maybe there is a problem with su on FreeBSD 7.= 1? > >> > >> > >> > >> home# pw user show svn > >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin > >> home# su svn > >> This account is currently not available. > >> > >> > >> kes# pw user show svn > >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash > >> kes# su svn > >> su: Sorry > >> kes# pw user mod svn -s /usr/bin/nologin > >> kes# pw user show svn > >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin > >> kes# su svn > >> su: Sorry > > M> The problem is elsewhere. Probably in pam(3) on the faulty machine. The > only M> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There > are 3 M> instances where su exits with "Sorry". All occasions are logged = to > syslog. M> Can you dig those log entries up? > > Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5 > Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable = is > set to YES. Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: run_rc_command: > doit: su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3D3690 > --foreground -r /var/db/trunk"' > Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error > > Yeah, there is problem with pam. Why pam restrict root to run command > under other user? Is /etc/pam.d/su present and does it contain the line: account include system If so, the /etc/pam.d/system should contain: # account #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so If this is all ok, I suggest rebuilding pam with OPENPAM_DEBUG defined, so= =20 that you can see where things go wrong. Just out of curiousity, if you install something like mysql or squid, those= =20 users should be inaccessable for the same reason, cause I don't see anythin= g=20 wrong with the svn user itself. =2D-=20 Mel Problem with today's modular software: they start with the modules and never get to the software part.