Subject: Irritation with shutdown(8) and postgress rc.d script
To: None <email@example.com, firstname.lastname@example.org>
From: Bill Stouder-Studenmund <email@example.com>
Date: 03/12/2007 21:41:28
Content-Type: text/plain; charset=us-ascii
I have a box on which I run PostgreSQL. I'm using the rc.d script that=20
came with the pkgsrc server I installed. I'm in the operator group. I can=
run shutdown(8) and turn off the computer.
The problem is when it comes time to stop postgres. Postgress likes to be=
running as the postgress user (pgsql here). So it does a su pgsql to tell=
the system to shutdown.
Well. The problem is that when I run shutdown and shutdown runs rc.d=20
hooks, su notices that I'm me and not root, so it asks for pgsql's=20
password. Well, I've forgotten it. So PostgreSQL gets a hard shutdown.
I chatted with John Nemeth, who indicated that su is calling into PAM, and=
pam_rootok only checks the real id.
For my case the effective ID is roots, but the real is my own.
How do we fix this? I can turn off the computer, so why are we not letting=
me stop services? :-)
1) Make pam_rootok check effective too.
2) Add pam_effectiverootok which checks effective id.
3) Make shutdown set its real id to root as well.
I prefer (1) since if my effective id is root, I am acting as root. I can=
turn off the box, so it makes little sense to not let me do other root=20
But what I really want is for shutdown to work. So any of the three=20
options would be fine.
Oh, this is NetBSD 3.0.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)
-----END PGP SIGNATURE-----