Date: Thu, 25 Dec 2008 09:13:32 -0900 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org, KES <kes-kes@yandex.ru> Cc: users@subversion.tigris.org Subject: Re: can not start SVNserve Message-ID: <200812250913.32919.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <1004558695.20081224005059@yandex.ru> References: <42213407.20081212101341@yandex.ru> <498807086.20081221134904@yandex.ru> <1004558695.20081224005059@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 23 December 2008 13:50:59 KES wrote:
> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, KES.
>
> =C2=FB =EF=E8=F1=E0=EB=E8 21 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 13:49:04:
>
> K> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel.
>
> K> =C2=FB =EF=E8=F1=E0=EB=E8 21 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 13:10:47:
>
> M>> On Thursday 18 December 2008 09:03:54 KES wrote:
> >>> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel.
> >>>
> >>> =C2=FB =EF=E8=F1=E0=EB=E8 18 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 9:05:35:
> >>>
> >>> M> On Wednesday 17 December 2008 21:02:07 KES wrote:
> >>> >> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel.
> >>> >>
> >>> >> =C2=FB =EF=E8=F1=E0=EB=E8 17 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 9:11=
:19:
> >>> >>
> >>> >> M> On Sunday 14 December 2008 16:11:17 KES wrote:
> >>> >> >> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Polytropon.
> >>> >> >>
> >>> >> >> =C2=FB =EF=E8=F1=E0=EB=E8 14 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 1=
5:11:35:
> >>> >> >>
> >>> >> >> P> On Sun, 14 Dec 2008 12:58:55 +0100 (CET), Wojciech Puchar
> >>> >> >>
> >>> >> >> P> <wojtek@wojtek.tensor.gdynia.pl> wrote:
> >>> >> >> >> > su: Sorry
> >>> >> >> >> >
> >>> >> >> >> >
> >>> >> >> >> > kes# pw user mod svn -s /bin/bash
> >>> >> >> >> > kes# pw user show svn
> >>> >> >> >> > svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
> >>> >> >> >> > kes# /usr/local/etc/rc.d/svnserve start
> >>> >> >> >> > Starting svnserve.
> >>> >> >> >> > su: Sorry
> >>> >> >> >>
> >>> >> >> >> try to change directory to existent
> >>> >> >>
> >>> >> >> P> (1) What's /bin/bash? Check existing shell.
> >>> >> >>
> >>> >> >> P> (2) As you said: Check existing directory.
> >>> >> >>
> >>> >> >> P> (3) Regarding su, check for wheel group inclusion.
> >>> >> >>
> >>> >> >> home# uname -a
> >>> >> >> FreeBSD home.kes.net.ua 7.0-STABLE FreeBSD 7.0-STABLE #0: Tue A=
ug
> >>> >> >> 12 02:11:24 EEST 2008
> >>> >> >> kes@kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386 home# pw
> >>> >> >> user show svn
> >>> >> >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
> >>> >> >>
> >>> >> >> As you can see on 'home' machine svn user has no valid shell al=
so
> >>> >> >> it has not valid home directory and it is not included into whe=
el
> >>> >> >> group
> >>> >> >>
> >>> >> >> But svnserve is started and works fine. With same settings
> >>> >> >> svnserve does not work on
> >>> >> >> kes# uname -a
> >>> >> >> FreeBSD kes.net.ua 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #: Sun
> >>> >> >> Nov 23 17:19:12 EET 2008
> >>> >> >> kes@home.kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7 i386
> >>> >>
> >>> >> M> echo 'rc_debug=3D"YES"'>>/etc/rc.conf
> >>> >> M> /usr/local/etc/rc.d/svnserve start
> >>> >>
> >>> >> M> Show output from /var/log/messages.
> >>> >>
> >>> >> kes# kes# /usr/local/etc/rc.d/svnserve start
> >>> >> /usr/local/etc/rc.d/svnserve: DEBUG: checkyesno: svnserve_enable is
> >>> >> set to YES. Starting svnserve.
> >>> >> /usr/local/etc/rc.d/svnserve: DEBUG: run_rc_command: doit: su -m s=
vn
> >>> >> -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3D3690
> >>> >> --foreground -r /var/db/trunk"' su: Sorry
> >>>
> >>> M> Does this command work from the command line?
> >>> M> If not, does it work if called as su -fm rather then su -m?
> >>> M> If that does not work, does the primary group svn is supposed to be
> >>> in exist?
> >>>
> >>>
> >>> kes# su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3D=
3690
> >>> --foreground -r /var/db/trunk"' su: Sorry
> >>> kes# su -fm svn -c 'sh -c "/usr/local/bin/svnserve -d
> >>> --listen-port=3D3690 --foreground -r /var/db/trunk"' su: Sorry
> >>> kes# pw group show svn
> >>> svn:*:1005:
> >>> kes# cat /etc/group | grep svn
> >>> svn:*:1005:
> >>> kes# pw user show svn
> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
> >>>
> >>> As you see it does not work also with -fm option
> >>>
> >>>
> >>> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail
> >>> below) Notice that on both system account is locked, has no valid she=
ll
> >>> and home directory
> >>> on FreeBSD 7.0 when I try to login with svn user it says: This account
> >>> is currently not available. on FreeBSD 7.1 when I try to login with s=
vn
> >>> user it says: su: Sorry Maybe there is a problem with su on FreeBSD
> >>> 7.1?
> >>>
> >>>
> >>>
> >>> home# pw user show svn
> >>> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
> >>> home# su svn
> >>> This account is currently not available.
> >>>
> >>>
> >>> kes# pw user show svn
> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
> >>> kes# su svn
> >>> su: Sorry
> >>> kes# pw user mod svn -s /usr/bin/nologin
> >>> kes# pw user show svn
> >>> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin
> >>> kes# su svn
> >>> su: Sorry
>
> M>> The problem is elsewhere. Probably in pam(3) on the faulty machine. T=
he
> only M>> change to su.c from 7.0 to 7.1 is fixing a compiler warning. The=
re
> are 3 M>> instances where su exits with "Sorry". All occasions are logged
> to syslog. M>> Can you dig those log entries up?
>
> K> Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5
> K> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enab=
le
> is set to YES. K> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG:
> run_rc_command: doit: K> su -m svn -c 'sh -c "/usr/local/bin/svnserve -d
> K> --listen-port=3D3690 --foreground -r /var/db/trunk"'
> K> Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error
>
> K> Yeah, there is problem with pam. Why pam restrict root to run command
> K> under other user?
>
> Strange, but mysql works... ((
>
> kes# /r/mysql-server start
> /r/mysql-server: DEBUG: checkyesno: mysql_enable is set to YES.
> /r/mysql-server: DEBUG: pid file (/var/db/mysql/kes.net.ua.pid): not
> readable. /r/mysql-server: DEBUG: run_rc_command: start_precmd:
> mysql_prestart /r/mysql-server: DEBUG: checkyesno: mysql_limits is set to
> NO.
> Starting mysql.
> /r/mysql-server: DEBUG: run_rc_command: doit: su -m mysql -c 'sh -c
> "/usr/local/bin/mysqld_safe --defaults-extra-file=3D/var/db/mysql/my.cnf
> --user=3Dmysql --datadir=3D/var/db/mysql
> --pid-file=3D/var/db/mysql/kes.net.ua.pid > /dev/null 2>&1 &"'
> /r/mysql-server: DEBUG: run_rc_command: start_postcmd: mysql_poststart
This is a bit of a guess, but what if you change the uid and gid for the sv=
n=20
user/group to below 1000.
=2D-=20
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812250913.32919.fbsd.questions>