can not start SVNserve

Mel fbsd.questions at rachie.is-a-geek.net
Mon Dec 22 02:05:18 PST 2008 

On Sunday 21 December 2008 12:49:04 KES wrote:
> Здравствуйте, Mel.
>
> Вы писали 21 декабря 2008 г., 13:10:47:
>
> M> On Thursday 18 December 2008 09:03:54 KES wrote:
> >> Здравствуйте, Mel.
> >>
> >> Вы писали 18 декабря 2008 г., 9:05:35:
> >>
> >> M> On Wednesday 17 December 2008 21:02:07 KES wrote:

<snip>

> >> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail
> >> below) Notice that on both system account is locked, has no valid shell
> >> and home directory
> >> on FreeBSD 7.0 when I try to login with svn user it says: This account
> >> is currently not available. on FreeBSD 7.1 when I try to login with svn
> >> user it says: su: Sorry Maybe there is a problem with su on FreeBSD 7.1?
> >>
> >>
> >>
> >> home# pw user show svn
> >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin
> >> home# su svn
> >> This account is currently not available.
> >>
> >>
> >> kes# pw user show svn
> >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash
> >> kes# su svn
> >> su: Sorry
> >> kes# pw user mod svn -s /usr/bin/nologin
> >> kes# pw user show svn
> >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin
> >> kes# su svn
> >> su: Sorry
>
> M> The problem is elsewhere. Probably in pam(3) on the faulty machine. The
> only M> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There
> are 3 M> instances where su exits with "Sorry". All occasions are logged to
> syslog. M> Can you dig those log entries up?
>
> Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5
> Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable is
> set to YES. Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: run_rc_command:
> doit: su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3690
> --foreground -r /var/db/trunk"'
> Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error
>
> Yeah, there is problem with pam. Why pam restrict root to run command
> under other user?

Is /etc/pam.d/su present and does it contain the line:
account         include         system

If so, the /etc/pam.d/system should contain:
# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

If this is all ok, I suggest rebuilding pam with OPENPAM_DEBUG defined, so 
that you can see where things go wrong.
Just out of curiousity, if you install something like mysql or squid, those 
users should be inaccessable for the same reason, cause I don't see anything 
wrong with the svn user itself.

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.

More information about the freebsd-questions mailing list