[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: can't run as root with netbsd-5
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 4 Mar 2009, Jasper Wallace wrote:
> On Tue, 3 Mar 2009, Eric Haszlakiewicz wrote:
> > I just tried upgrading one of my machines to netbsd-5. The process seemed
> > to
> > go ok on a test machine, and when I tried it on another machine it started
> > out ok, but now I can't run things as root. Specifically:
> > I copied a netbsd 5 RC2 generic kernel and rebooted. (previously running
> > netbsd 4)
> > After rebooting, I was able to login and run stuff as root just fine.
> > I was going to let it run for a bit and then upgrade userland, but
> > now when I attempted to su to root to do so I get errors like:
> > su: /bin/ksh: Resource temporarily unavailable
> > I can use sudo to switch to other users, and running most things seems
> > to be fine, but actually executing stuff as root from a setuid process
> > fails. Things that are already running, like apache, seem to be ok, and
> > the root owned apache process can fire up additional www owned processes.
> I've seen this as well, I got it from upgradeing from
> I suspected something to do with login.conf or other per user
> limits stuff. When it wasn't working i had > 80 root owned processes, but
> that wasn't near the 16/128 etc proc limits. It did allow root logins again
> after many root processes had been killed off but i can't remember exact
> figures. I didn't have time to look into it further and got hampered a bit
> by PR/40314
> I'll look again tommorow if i get a chance.
ok - the limit was 64 processes. I fiddled around with editing login.conf
and with giving root a class. In the process i deleted login.conf.db and
then it worked. I should of moved the login.conf.db somewhere safe so i
can't reproduce the problem now :(
I can create a new login.conf.db with cap_mkdb and thing are still ok, so
i guess something was a little odd with my old one.
With a login.conf from netbsd-5 and a login.conf.db generated from that it's
Perhaps the problem is that etcupdate dosn't regen login.conf.db??
Eric: if you can check weither or not you've got a login.conf.db and if so
move it somewhere out of /etc and then try su'ing (when you've got > 64
root owned processes), and then if you can su then moving login.conf.db
back again and then try su'ing again to see if it fails...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)
-----END PGP SIGNATURE-----
Main Index |
Thread Index |