From owner-freebsd-questions@FreeBSD.ORG  Sun Dec 28 07:36:52 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D9DE1106564A
	for <freebsd-questions@freebsd.org>;
	Sun, 28 Dec 2008 07:36:52 +0000 (UTC)
	(envelope-from kes-kes@yandex.ru)
Received: from forwards4.yandex.ru (forwards4.yandex.ru [77.88.32.20])
	by mx1.freebsd.org (Postfix) with ESMTP id 407388FC08
	for <freebsd-questions@freebsd.org>;
	Sun, 28 Dec 2008 07:36:52 +0000 (UTC)
	(envelope-from kes-kes@yandex.ru)
Received: from smtp14.yandex.ru (smtp14.yandex.ru [77.88.32.84])
	by forwards4.yandex.ru (Yandex) with ESMTP id 06AF74C5445;
	Sun, 28 Dec 2008 10:36:49 +0300 (MSK)
Received: from 14-4-113-92.pool.ukrtel.net ([92.113.4.14]:24837 "EHLO HOMEUSER"
	smtp-auth: "kes-kes" TLS-CIPHER: <none> TLS-PEER-CN1: <none>)
	by mail.yandex.ru with ESMTP id S393318AbYL1Hgk (ORCPT
	<rfc822;users@subversion.tigris.org> + 2 others);
	Sun, 28 Dec 2008 10:36:40 +0300
X-Yandex-Spam: 1 
X-Yandex-Front: smtp14
X-Yandex-TimeMark: 1230449800
X-BornDate: 1149541200
X-Yandex-Karma: 0
X-Yandex-KarmaStatus: 0
X-MsgDayCount: 3
X-Comment: RFC 2476 MSA function at smtp14.yandex.ru logged sender identity
	as: kes-kes
Date: Sun, 28 Dec 2008 09:36:40 +0200
From: KES <kes-kes@yandex.ru>
X-Mailer: The Bat! (v4.0.24) Professional
Organization: SaftTen
X-Priority: 3 (Normal)
Message-ID: <1348891341.20081228093640@yandex.ru>
To: Mel <fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <200812250913.32919.fbsd.questions@rachie.is-a-geek.net>
References: <42213407.20081212101341@yandex.ru>
	<498807086.20081221134904@yandex.ru>
	<1004558695.20081224005059@yandex.ru>
	<200812250913.32919.fbsd.questions@rachie.is-a-geek.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
Cc: freebsd-questions@freebsd.org, users@subversion.tigris.org
Subject: Re[2]: can not start SVNserve
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: KES <kes-kes@yandex.ru>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Dec 2008 07:36:52 -0000

Здравствуйте, Mel.

Вы писали 25 декабря 2008 г., 20:13:32:

M> On Tuesday 23 December 2008 13:50:59 KES wrote:
>> Здравствуйте, KES.
>>
>> Вы писали 21 декабря 2008 г., 13:49:04:
>>
>> K> Здравствуйте, Mel.
>>
>> K> Вы писали 21 декабря 2008 г., 13:10:47:
>>
>> M>> On Thursday 18 December 2008 09:03:54 KES wrote:
>> >>> Здравствуйте, Mel.
>> >>>
>> >>> Вы писали 18 декабря 2008 г., 9:05:35:
>> >>>
>> >>> M> On Wednesday 17 December 2008 21:02:07 KES wrote:
>> >>> >> Здравствуйте, Mel.
>> >>> >>
>> >>> >> Вы писали 17 декабря 2008 г., 9:11:19:
>> >>> >>
>> >>> >> M> On Sunday 14 December 2008 16:11:17 KES wrote:
>> >>> >> >> Здравствуйте, Polytropon.
>> >>> >> >>
>> >>> >> >> Вы писали 14 декабря 2008 г., 15:11:35:
>> >>> >> >>
>> >>> >> >> P> On Sun, 14 Dec 2008 12:58:55 +0100 (CET), Wojciech Puchar
>> >>> >> >>
>> >>> >> >> P> <wojtek@wojtek.tensor.gdynia.pl> wrote:
>> >>> >> >> >> > su: Sorry
>> >>> >> >> >> >
>> >>> >> >> >> >
>> >>> >> >> >> > kes# pw user mod svn -s /bin/bash
>> >>> >> >> >> > kes# pw user show svn
>> >>> >> >> >> > svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>> >>> >> >> >> > kes# /usr/local/etc/rc.d/svnserve start
>> >>> >> >> >> > Starting svnserve.
>> >>> >> >> >> > su: Sorry
>> >>> >> >> >>
>> >>> >> >> >> try to change directory to existent
>> >>> >> >>
>> >>> >> >> P> (1) What's /bin/bash? Check existing shell.
>> >>> >> >>
>> >>> >> >> P> (2) As you said: Check existing directory.
>> >>> >> >>
>> >>> >> >> P> (3) Regarding su, check for wheel group inclusion.
>> >>> >> >>
>> >>> >> >> home# uname -a
>> >>> >> >> FreeBSD home.kes.net.ua 7.0-STABLE FreeBSD 7.0-STABLE #0: Tue Aug
>> >>> >> >> 12 02:11:24 EEST 2008
>> >>> >> >> kes@kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386 home# pw
>> >>> >> >> user show svn
>> >>> >> >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
>> >>> >> >>
>> >>> >> >> As you can see on 'home' machine svn user has no valid shell also
>> >>> >> >> it has not valid home directory and it is not included into wheel
>> >>> >> >> group
>> >>> >> >>
>> >>> >> >> But svnserve is started and works fine. With same settings
>> >>> >> >> svnserve does not work on
>> >>> >> >> kes# uname -a
>> >>> >> >> FreeBSD kes.net.ua 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #: Sun
>> >>> >> >> Nov 23 17:19:12 EET 2008
>> >>> >> >> kes@home.kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386
>> >>> >>
>> >>> >> M> echo 'rc_debug="YES"'>>/etc/rc.conf
>> >>> >> M> /usr/local/etc/rc.d/svnserve start
>> >>> >>
>> >>> >> M> Show output from /var/log/messages.
>> >>> >>
>> >>> >> kes# kes# /usr/local/etc/rc.d/svnserve start
>> >>> >> /usr/local/etc/rc.d/svnserve: DEBUG: checkyesno: svnserve_enable is
>> >>> >> set to YES. Starting svnserve.
>> >>> >> /usr/local/etc/rc.d/svnserve: DEBUG: run_rc_command: doit: su -m svn
>> >>> >> -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690
>> >>> >> --foreground -r /var/db/trunk"' su: Sorry
>> >>>
>> >>> M> Does this command work from the command line?
>> >>> M> If not, does it work if called as su -fm rather then su -m?
>> >>> M> If that does not work, does the primary group svn is supposed to be
>> >>> in exist?
>> >>>
>> >>>
>> >>> kes# su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690
>> >>> --foreground -r /var/db/trunk"' su: Sorry
>> >>> kes# su -fm svn -c 'sh -c "/usr/local/bin/svnserve -d
>> >>> --listen-port=3690 --foreground -r /var/db/trunk"' su: Sorry
>> >>> kes# pw group show svn
>> >>> svn:*:1005:
>> >>> kes# cat /etc/group | grep svn
>> >>> svn:*:1005:
>> >>> kes# pw user show svn
>> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>> >>>
>> >>> As you see it does not work also with -fm option
>> >>>
>> >>>
>> >>> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail
>> >>> below) Notice that on both system account is locked, has no valid shell
>> >>> and home directory
>> >>> on FreeBSD 7.0 when I try to login with svn user it says: This account
>> >>> is currently not available. on FreeBSD 7.1 when I try to login with svn
>> >>> user it says: su: Sorry Maybe there is a problem with su on FreeBSD
>> >>> 7.1?
>> >>>
>> >>>
>> >>>
>> >>> home# pw user show svn
>> >>> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
>> >>> home# su svn
>> >>> This account is currently not available.
>> >>>
>> >>>
>> >>> kes# pw user show svn
>> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
>> >>> kes# su svn
>> >>> su: Sorry
>> >>> kes# pw user mod svn -s /usr/bin/nologin
>> >>> kes# pw user show svn
>> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin
>> >>> kes# su svn
>> >>> su: Sorry
>>
>> M>> The problem is elsewhere. Probably in pam(3) on the faulty machine. The
>> only M>> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There
>> are 3 M>> instances where su exits with "Sorry". All occasions are logged
>> to syslog. M>> Can you dig those log entries up?
>>
>> K> Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5
>> K> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable
>> is set to YES. K> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG:
>> run_rc_command: doit: K> su -m svn -c 'sh -c "/usr/local/bin/svnserve -d
>> K> --listen-port=3690 --foreground -r /var/db/trunk"'
>> K> Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error
>>
>> K> Yeah, there is problem with pam. Why pam restrict root to run command
>> K> under other user?
>>
>> Strange, but mysql works... ((
>>
>> kes# /r/mysql-server start
>> /r/mysql-server: DEBUG: checkyesno: mysql_enable is set to YES.
>> /r/mysql-server: DEBUG: pid file (/var/db/mysql/kes.net.ua.pid): not
>> readable. /r/mysql-server: DEBUG: run_rc_command: start_precmd:
>> mysql_prestart /r/mysql-server: DEBUG: checkyesno: mysql_limits is set to
>> NO.
>> Starting mysql.
>> /r/mysql-server: DEBUG: run_rc_command: doit: su -m mysql -c 'sh -c
>> "/usr/local/bin/mysqld_safe  --defaults-extra-file=/var/db/mysql/my.cnf
>> --user=mysql --datadir=/var/db/mysql
>> --pid-file=/var/db/mysql/kes.net.ua.pid  > /dev/null 2>&1 &"'
>> /r/mysql-server: DEBUG: run_rc_command: start_postcmd: mysql_poststart

M> This is a bit of a guess, but what if you change the uid and gid for the svn
M> user/group to below 1000.

This does not affect =(

svnserve_enable="YES"
  svnserve_data="/var/db/trunk"
  svnserve_flags="-d --listen-port=3690 --foreground"
  svnserve_user="tst"
  svnserve_group="tst"


kes# kes# /usr/local/etc/rc.d/svnserve start
/usr/local/etc/rc.d/svnserve: DEBUG: checkyesno: svnserve_enable is set to YES.
Starting svnserve.
/usr/local/etc/rc.d/svnserve: DEBUG: run_rc_command: doit: su -m tst -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690 --foreground -r /var/db/trunk"'
su: Sorry
kes# pw user show tst
tst:*:300:300::0:0:User &:/home/nonexistent:/usr/sbin/nologin
kes# pw group show tst
tst:*:300:



-- 
С уважением,
 KES                          mailto:kes-kes@yandex.ru