Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 27 Jun 2024 15:57:18 -0400
From:      Paul Procacci <pprocacci@gmail.com>
To:        Denis Shaposhnikov <dsh@bamus.cz>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Login 'postgres': Login class 'default': Setting priority failed: Permission denied
Message-ID:  <CAFbbPuiRrSGCkM0ZqC8LsduZmKKiviqZsDdE=Sb-V7RFLKP80A@mail.gmail.com>
In-Reply-To: <9fcb9b8a-6318-44c3-aee0-be511ed07c65@app.fastmail.com>
References:  <d011c093-5921-42ae-abad-45919d9b3c4a@app.fastmail.com> <98ef9c72-1c94-471c-88e9-8e4957bfa9f9@app.fastmail.com> <CAFbbPuh31Lp5MzfRAghq4wy9-LEYp5m1GRYzQZCKyMo=95JdTg@mail.gmail.com> <9fcb9b8a-6318-44c3-aee0-be511ed07c65@app.fastmail.com>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
On Thu, Jun 27, 2024 at 3:45 PM Denis Shaposhnikov <dsh@bamus.cz> wrote:

> Hi,
>
> On Thu, 27 Jun 2024, at 21:29, Paul Procacci wrote:
> >> nice -n 5 doas id
>
> >> Jun 27 21:08:57 db doas[33054]: Login 'root': Login class 'root':
> Setting priority failed: Permission denied
>
> > The error message is a legit error, that is, you cannot set a priority
> > of a process from within the jail.
>
> What do you mean? Just
>
> nice -5 id
>
> inside a jail doesn't generate the log message, but
>
> nice -5 doas id
>
> does. That was just an example. Actually Icinga runs a command, but before
> that it does `nice(5)`. That command uses doas and calls a script and that
> script uses su. I'm not setting a priority directly. In 14.0 all of that
> didn't generate log messages.
>
> > It's just newly logged.
>
> Aha! Thanks for the info. OK, how could I prevent it from logging it? I
> don't need it in the log every minute.
>

It *does* throw an error.  You just need to set the priority in the right
direction:

# nice -n 5 id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

# nice -n -5 id
nice: setpriority: Permission denied
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

You have 3 options:

1) Remove the nice binary from the command that icinga is issuing.
2) Lower the priority of the command (higher value)
3) Redirect stderr to /dev/null.

~Paul
-- 
__________________

:(){ :|:& };:

[-- Attachment #2 --]
<div dir="ltr"><div><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jun 27, 2024 at 3:45 PM Denis Shaposhnikov &lt;<a href="mailto:dsh@bamus.cz">dsh@bamus.cz</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
On Thu, 27 Jun 2024, at 21:29, Paul Procacci wrote:<br>
&gt;&gt; nice -n 5 doas id<br>
<br>
&gt;&gt; Jun 27 21:08:57 db doas[33054]: Login &#39;root&#39;: Login class &#39;root&#39;: Setting priority failed: Permission denied<br>
<br>
&gt; The error message is a legit error, that is, you cannot set a priority <br>
&gt; of a process from within the jail.<br>
<br>
What do you mean? Just<br>
<br>
nice -5 id<br>
<br>
inside a jail doesn&#39;t generate the log message, but<br>
<br>
nice -5 doas id<br>
<br>
does. That was just an example. Actually Icinga runs a command, but before that it does `nice(5)`. That command uses doas and calls a script and that script uses su. I&#39;m not setting a priority directly. In 14.0 all of that didn&#39;t generate log messages.<br>
<br>
&gt; It&#39;s just newly logged.<br>
<br>
Aha! Thanks for the info. OK, how could I prevent it from logging it? I don&#39;t need it in the log every minute.<br>
</blockquote></div><br>It *does* throw an error.  You just need to set the priority in the right direction:<br><br clear="all"># nice -n 5 id<br>uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)</div><div><br></div><div># nice -n -5 id<br>nice: setpriority: Permission denied<br>uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)<br><br></div><div>You have 3 options:<br><br>1) Remove the nice binary from the command that icinga is issuing.<br>2) Lower the priority of the command (higher value)<br>3) Redirect stderr to /dev/null.</div><div><br></div>~Paul<br><div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature">__________________<br><br>:(){ :|:&amp; };:</div></div></div>
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFbbPuiRrSGCkM0ZqC8LsduZmKKiviqZsDdE=Sb-V7RFLKP80A>