Date: Mon, 22 Dec 2008 11:04:53 +0100 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org, KES <kes-kes@yandex.ru> Cc: users@subversion.tigris.org Subject: Re: can not start SVNserve Message-ID: <200812221104.55946.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <498807086.20081221134904@yandex.ru> References: <42213407.20081212101341@yandex.ru> <200812211210.48287.fbsd.questions@rachie.is-a-geek.net> <498807086.20081221134904@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday 21 December 2008 12:49:04 KES wrote:
> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel.
>
> =C2=FB =EF=E8=F1=E0=EB=E8 21 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 13:10:47:
>
> M> On Thursday 18 December 2008 09:03:54 KES wrote:
> >> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel.
> >>
> >> =C2=FB =EF=E8=F1=E0=EB=E8 18 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 9:05:35:
> >>
> >> M> On Wednesday 17 December 2008 21:02:07 KES wrote:
<snip>
> >> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail
> >> below) Notice that on both system account is locked, has no valid shell
> >> and home directory
> >> on FreeBSD 7.0 when I try to login with svn user it says: This account
> >> is currently not available. on FreeBSD 7.1 when I try to login with svn
> >> user it says: su: Sorry Maybe there is a problem with su on FreeBSD 7.=
1?
> >>
> >>
> >>
> >> home# pw user show svn
> >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
> >> home# su svn
> >> This account is currently not available.
> >>
> >>
> >> kes# pw user show svn
> >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
> >> kes# su svn
> >> su: Sorry
> >> kes# pw user mod svn -s /usr/bin/nologin
> >> kes# pw user show svn
> >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin
> >> kes# su svn
> >> su: Sorry
>
> M> The problem is elsewhere. Probably in pam(3) on the faulty machine. The
> only M> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There
> are 3 M> instances where su exits with "Sorry". All occasions are logged =
to
> syslog. M> Can you dig those log entries up?
>
> Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5
> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable =
is
> set to YES. Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: run_rc_command:
> doit: su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3D3690
> --foreground -r /var/db/trunk"'
> Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error
>
> Yeah, there is problem with pam. Why pam restrict root to run command
> under other user?
Is /etc/pam.d/su present and does it contain the line:
account include system
If so, the /etc/pam.d/system should contain:
# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
If this is all ok, I suggest rebuilding pam with OPENPAM_DEBUG defined, so=
=20
that you can see where things go wrong.
Just out of curiousity, if you install something like mysql or squid, those=
=20
users should be inaccessable for the same reason, cause I don't see anythin=
g=20
wrong with the svn user itself.
=2D-=20
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812221104.55946.fbsd.questions>