Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: can't run as root with netbsd-5

Hash: SHA1

On Wed, 4 Mar 2009, Jasper Wallace wrote:

> --[PinePGP]--------------------------------------------------[begin]--
> On Tue, 3 Mar 2009, Eric Haszlakiewicz wrote:
> > I just tried upgrading one of my machines to netbsd-5.  The process seemed 
> > to
> > go ok on a test machine, and when I tried it on another machine it started
> > out ok, but now I can't run things as root.  Specifically:
> >   I copied a netbsd 5 RC2 generic kernel and rebooted. (previously running
> >      netbsd 4)
> >   After rebooting, I was able to login and run stuff as root just fine.
> >   I was going to let it run for a bit and then upgrade userland, but
> >    now when I attempted to su to root to do so I get errors like:
> >
> > su: /bin/ksh: Resource temporarily unavailable
> >
> >   I can use sudo to switch to other users, and running most things seems
> > to be fine, but actually executing stuff as root from a setuid process
> > fails.  Things that are already running, like apache, seem to be ok, and
> > the root owned apache process can fire up additional www owned processes.
> I've seen this as well, I got it from upgradeing from
> something->netbsd-5-RC1->netbsd-5-RC2.
> I suspected something to do with login.conf or other per user
> limits stuff. When it wasn't working i had > 80 root owned processes, but
> that wasn't near the 16/128 etc proc limits. It did allow root logins again
> after many root processes had been killed off but i can't remember exact
> figures. I didn't have time to look into it further and got hampered a bit
> by PR/40314
> I'll look again tommorow if i get a chance.

ok - the limit was 64 processes. I fiddled around with editing login.conf
and with giving root a class. In the process i deleted login.conf.db and
then it worked. I should of moved the login.conf.db somewhere safe so i
can't reproduce the problem now :(

I can create a new login.conf.db with cap_mkdb and thing are still ok, so
i guess something was a little odd with my old one.

With a login.conf from netbsd-5 and a login.conf.db generated from that it's
also fine.

Perhaps the problem is that etcupdate dosn't regen login.conf.db??

Eric: if you can check weither or not you've got a login.conf.db and if so 
move it somewhere out of /etc and then try su'ing (when you've got > 64 
root owned processes), and then if you can su then moving login.conf.db 
back again and then try su'ing again to see if it fails...

- -- 
[]                                   [0x2ECA0975]
Version: GnuPG v1.4.9 (NetBSD)


Home | Main Index | Thread Index | Old Index