Subject: Irritation with shutdown(8) and postgress rc.d script
To: None <,>
From: Bill Stouder-Studenmund <>
List: tech-userlevel
Date: 03/12/2007 21:41:28
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I have a box on which I run PostgreSQL. I'm using the rc.d script that=20
came with the pkgsrc server I installed. I'm in the operator group. I can=
run shutdown(8) and turn off the computer.

The problem is when it comes time to stop postgres. Postgress likes to be=
running as the postgress user (pgsql here). So it does a su pgsql to tell=
the system to shutdown.

Well. The problem is that when I run shutdown and shutdown runs rc.d=20
hooks, su notices that I'm me and not root, so it asks for pgsql's=20
password. Well, I've forgotten it. So PostgreSQL gets a hard shutdown.

I chatted with John Nemeth, who indicated that su is calling into PAM, and=
pam_rootok only checks the real id.

For my case the effective ID is roots, but the real is my own.

How do we fix this? I can turn off the computer, so why are we not letting=
me stop services? :-)


1) Make pam_rootok check effective too.

2) Add pam_effectiverootok which checks effective id.

3) Make shutdown set its real id to root as well.

I prefer (1) since if my effective id is root, I am acting as root. I can=
turn off the box, so it makes little sense to not let me do other root=20

But what I really want is for shutdown to work. So any of the three=20
options would be fine.

Oh, this is NetBSD 3.0.

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.3 (NetBSD)