Re: can't run as root with netbsd-5

To: Eric Haszlakiewicz <erh%nimenees.com@localhost>
Subject: Re: can't run as root with netbsd-5
From: Jasper Wallace <jasper%pointless.net@localhost>
Date: Thu, 5 Mar 2009 23:02:38 +0000 (GMT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 4 Mar 2009, Jasper Wallace wrote:

> --[PinePGP]--------------------------------------------------[begin]--
> On Tue, 3 Mar 2009, Eric Haszlakiewicz wrote:
> 
> > I just tried upgrading one of my machines to netbsd-5.  The process seemed 
> > to
> > go ok on a test machine, and when I tried it on another machine it started
> > out ok, but now I can't run things as root.  Specifically:
> >   I copied a netbsd 5 RC2 generic kernel and rebooted. (previously running
> >      netbsd 4)
> >   After rebooting, I was able to login and run stuff as root just fine.
> >   I was going to let it run for a bit and then upgrade userland, but
> >    now when I attempted to su to root to do so I get errors like:
> >
> > su: /bin/ksh: Resource temporarily unavailable
> >
> >   I can use sudo to switch to other users, and running most things seems
> > to be fine, but actually executing stuff as root from a setuid process
> > fails.  Things that are already running, like apache, seem to be ok, and
> > the root owned apache process can fire up additional www owned processes.
> 
> I've seen this as well, I got it from upgradeing from
> something->netbsd-5-RC1->netbsd-5-RC2.
> 
> I suspected something to do with login.conf or other per user
> limits stuff. When it wasn't working i had > 80 root owned processes, but
> that wasn't near the 16/128 etc proc limits. It did allow root logins again
> after many root processes had been killed off but i can't remember exact
> figures. I didn't have time to look into it further and got hampered a bit
> by PR/40314
> 
> I'll look again tommorow if i get a chance.

ok - the limit was 64 processes. I fiddled around with editing login.conf
and with giving root a class. In the process i deleted login.conf.db and
then it worked. I should of moved the login.conf.db somewhere safe so i
can't reproduce the problem now :(

I can create a new login.conf.db with cap_mkdb and thing are still ok, so
i guess something was a little odd with my old one.

With a login.conf from netbsd-5 and a login.conf.db generated from that it's
also fine.

Perhaps the problem is that etcupdate dosn't regen login.conf.db??

Eric: if you can check weither or not you've got a login.conf.db and if so 
move it somewhere out of /etc and then try su'ing (when you've got > 64 
root owned processes), and then if you can su then moving login.conf.db 
back again and then try su'ing again to see if it fails...

- -- 
[http://pointless.net/]                                   [0x2ECA0975]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)

iQEVAwUBSbBaDgCB+Qwuygl1AQIaBwf+Nz4X3oc8oGFbwBsDrQd05i1StyQBQ4K4
4qyiGw5ioaUpJCMC8YYIC7X5v55xi7Bi5D+lP5j7nF7lK++A4m0ILTi6N/H9mha1
DcFfP21CAuLTpZ025Dszw64UihkY2h7KDBzp24xABw7mv2zE8GtKTt6qdwrchTl2
fpFpTyl7wWit+0nc2OWuhSVjOhajNttErrYh0KJukJUCne3PvkfDU8OlGfg/YyXc
yqRPzehgDJvprkIjWlSUY1eqJmexEZ51gdUQnezlBAAfSuQOBApi+86x55RrRNWO
gelqMIQHqSL+20/KCDKp6960OztW7QLQ1EnQiEjTeunoBhKj5JAkcg==
=Qa56
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: can't run as root with netbsd-5
  - From: Eric Haszlakiewicz
- login.conf.db
  - From: Alan Barrett

References:
- can't run as root with netbsd-5
  - From: Eric Haszlakiewicz
- Re: can't run as root with netbsd-5
  - From: Jasper Wallace

Prev by Date: Re: lenovo T61: wake-up doesn't enable video
Next by Date: Re: can't run as root with netbsd-5
Previous by Thread: Re: can't run as root with netbsd-5
Next by Thread: login.conf.db
Indexes:

Home | Main Index | Thread Index | Old Index