Date: Sun, 28 Dec 2008 09:36:40 +0200 From: KES <kes-kes@yandex.ru> To: Mel <fbsd.questions@rachie.is-a-geek.net> Cc: freebsd-questions@freebsd.org, users@subversion.tigris.org Subject: Re[2]: can not start SVNserve Message-ID: <1348891341.20081228093640@yandex.ru> In-Reply-To: <200812250913.32919.fbsd.questions@rachie.is-a-geek.net> References: <42213407.20081212101341@yandex.ru> <498807086.20081221134904@yandex.ru> <1004558695.20081224005059@yandex.ru> <200812250913.32919.fbsd.questions@rachie.is-a-geek.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Здравствуйте, Mel. Вы писали 25 декабря 2008 г., 20:13:32: M> On Tuesday 23 December 2008 13:50:59 KES wrote: >> Здравствуйте, KES. >> >> Вы писали 21 декабря 2008 г., 13:49:04: >> >> K> Здравствуйте, Mel. >> >> K> Вы писали 21 декабря 2008 г., 13:10:47: >> >> M>> On Thursday 18 December 2008 09:03:54 KES wrote: >> >>> Здравствуйте, Mel. >> >>> >> >>> Вы писали 18 декабря 2008 г., 9:05:35: >> >>> >> >>> M> On Wednesday 17 December 2008 21:02:07 KES wrote: >> >>> >> Здравствуйте, Mel. >> >>> >> >> >>> >> Вы писали 17 декабря 2008 г., 9:11:19: >> >>> >> >> >>> >> M> On Sunday 14 December 2008 16:11:17 KES wrote: >> >>> >> >> Здравствуйте, Polytropon. >> >>> >> >> >> >>> >> >> Вы писали 14 декабря 2008 г., 15:11:35: >> >>> >> >> >> >>> >> >> P> On Sun, 14 Dec 2008 12:58:55 +0100 (CET), Wojciech Puchar >> >>> >> >> >> >>> >> >> P> <wojtek@wojtek.tensor.gdynia.pl> wrote: >> >>> >> >> >> > su: Sorry >> >>> >> >> >> > >> >>> >> >> >> > >> >>> >> >> >> > kes# pw user mod svn -s /bin/bash >> >>> >> >> >> > kes# pw user show svn >> >>> >> >> >> > svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash >> >>> >> >> >> > kes# /usr/local/etc/rc.d/svnserve start >> >>> >> >> >> > Starting svnserve. >> >>> >> >> >> > su: Sorry >> >>> >> >> >> >> >>> >> >> >> try to change directory to existent >> >>> >> >> >> >>> >> >> P> (1) What's /bin/bash? Check existing shell. >> >>> >> >> >> >>> >> >> P> (2) As you said: Check existing directory. >> >>> >> >> >> >>> >> >> P> (3) Regarding su, check for wheel group inclusion. >> >>> >> >> >> >>> >> >> home# uname -a >> >>> >> >> FreeBSD home.kes.net.ua 7.0-STABLE FreeBSD 7.0-STABLE #0: Tue Aug >> >>> >> >> 12 02:11:24 EEST 2008 >> >>> >> >> kes@kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386 home# pw >> >>> >> >> user show svn >> >>> >> >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin >> >>> >> >> >> >>> >> >> As you can see on 'home' machine svn user has no valid shell also >> >>> >> >> it has not valid home directory and it is not included into wheel >> >>> >> >> group >> >>> >> >> >> >>> >> >> But svnserve is started and works fine. With same settings >> >>> >> >> svnserve does not work on >> >>> >> >> kes# uname -a >> >>> >> >> FreeBSD kes.net.ua 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #: Sun >> >>> >> >> Nov 23 17:19:12 EET 2008 >> >>> >> >> kes@home.kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386 >> >>> >> >> >>> >> M> echo 'rc_debug="YES"'>>/etc/rc.conf >> >>> >> M> /usr/local/etc/rc.d/svnserve start >> >>> >> >> >>> >> M> Show output from /var/log/messages. >> >>> >> >> >>> >> kes# kes# /usr/local/etc/rc.d/svnserve start >> >>> >> /usr/local/etc/rc.d/svnserve: DEBUG: checkyesno: svnserve_enable is >> >>> >> set to YES. Starting svnserve. >> >>> >> /usr/local/etc/rc.d/svnserve: DEBUG: run_rc_command: doit: su -m svn >> >>> >> -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690 >> >>> >> --foreground -r /var/db/trunk"' su: Sorry >> >>> >> >>> M> Does this command work from the command line? >> >>> M> If not, does it work if called as su -fm rather then su -m? >> >>> M> If that does not work, does the primary group svn is supposed to be >> >>> in exist? >> >>> >> >>> >> >>> kes# su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690 >> >>> --foreground -r /var/db/trunk"' su: Sorry >> >>> kes# su -fm svn -c 'sh -c "/usr/local/bin/svnserve -d >> >>> --listen-port=3690 --foreground -r /var/db/trunk"' su: Sorry >> >>> kes# pw group show svn >> >>> svn:*:1005: >> >>> kes# cat /etc/group | grep svn >> >>> svn:*:1005: >> >>> kes# pw user show svn >> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash >> >>> >> >>> As you see it does not work also with -fm option >> >>> >> >>> >> >>> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail >> >>> below) Notice that on both system account is locked, has no valid shell >> >>> and home directory >> >>> on FreeBSD 7.0 when I try to login with svn user it says: This account >> >>> is currently not available. on FreeBSD 7.1 when I try to login with svn >> >>> user it says: su: Sorry Maybe there is a problem with su on FreeBSD >> >>> 7.1? >> >>> >> >>> >> >>> >> >>> home# pw user show svn >> >>> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin >> >>> home# su svn >> >>> This account is currently not available. >> >>> >> >>> >> >>> kes# pw user show svn >> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash >> >>> kes# su svn >> >>> su: Sorry >> >>> kes# pw user mod svn -s /usr/bin/nologin >> >>> kes# pw user show svn >> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin >> >>> kes# su svn >> >>> su: Sorry >> >> M>> The problem is elsewhere. Probably in pam(3) on the faulty machine. The >> only M>> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There >> are 3 M>> instances where su exits with "Sorry". All occasions are logged >> to syslog. M>> Can you dig those log entries up? >> >> K> Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5 >> K> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable >> is set to YES. K> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: >> run_rc_command: doit: K> su -m svn -c 'sh -c "/usr/local/bin/svnserve -d >> K> --listen-port=3690 --foreground -r /var/db/trunk"' >> K> Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error >> >> K> Yeah, there is problem with pam. Why pam restrict root to run command >> K> under other user? >> >> Strange, but mysql works... (( >> >> kes# /r/mysql-server start >> /r/mysql-server: DEBUG: checkyesno: mysql_enable is set to YES. >> /r/mysql-server: DEBUG: pid file (/var/db/mysql/kes.net.ua.pid): not >> readable. /r/mysql-server: DEBUG: run_rc_command: start_precmd: >> mysql_prestart /r/mysql-server: DEBUG: checkyesno: mysql_limits is set to >> NO. >> Starting mysql. >> /r/mysql-server: DEBUG: run_rc_command: doit: su -m mysql -c 'sh -c >> "/usr/local/bin/mysqld_safe --defaults-extra-file=/var/db/mysql/my.cnf >> --user=mysql --datadir=/var/db/mysql >> --pid-file=/var/db/mysql/kes.net.ua.pid > /dev/null 2>&1 &"' >> /r/mysql-server: DEBUG: run_rc_command: start_postcmd: mysql_poststart M> This is a bit of a guess, but what if you change the uid and gid for the svn M> user/group to below 1000. This does not affect =( svnserve_enable="YES" svnserve_data="/var/db/trunk" svnserve_flags="-d --listen-port=3690 --foreground" svnserve_user="tst" svnserve_group="tst" kes# kes# /usr/local/etc/rc.d/svnserve start /usr/local/etc/rc.d/svnserve: DEBUG: checkyesno: svnserve_enable is set to YES. Starting svnserve. /usr/local/etc/rc.d/svnserve: DEBUG: run_rc_command: doit: su -m tst -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690 --foreground -r /var/db/trunk"' su: Sorry kes# pw user show tst tst:*:300:300::0:0:User &:/home/nonexistent:/usr/sbin/nologin kes# pw group show tst tst:*:300: -- С уважением, KES mailto:kes-kes@yandex.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1348891341.20081228093640>