
From: Gregory (Grisha) Trubetskoy (grisha_at_ispol.com)
Date: Wed 31 Mar 2004 - 06:34:42 BST


I just spent hours learning how PAM works...

I found that this will happen if S_NICE is set to anything above 0, _and_
pam_limits.so is enabled (default on Fedora Core 1).

Looking at pam_limits.c, it has this code in setup_limits() which is
probably where the trouble happens:

    if (uid == 0) {

        [SNIP]

            pl->priority = 0;
    }

    [SNIP]

    status = setpriority(PRIO_PROCESS, 0, pl->priority);
    if (status != 0) {
        retval = LIMIT_ERR;
    }

So it looks like pam_limits will try to set your priority to 0 if you're
root. (Should this be considered a pam_limits bug?)

So the solution is either:

1. not to use S_NICE
2. comment out pam_limits.so from both /etc/pam.d/sshd and
/etc/pam.d/system-auth

Grisha

On Mon, 8 Mar 2004, Gregory (Grisha) Trubetskoy wrote:

>
> I saw this posting earlier on:
>
> http://www.paul.sladen.org/vserver/archives/200309/0176.html
>
> And I am seeing the same problem:
>
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req shell
> debug1: PAM setting tty to "/dev/pts/0"
> PAM session setup failed[6]: Permission denied
> debug1: Calling cleanup 0x8059c20(0x8090c20)
> debug1: session_pty_cleanup: session 0 release /dev/pts/0
>
>
> Kernel 2.4.25, vserver 1.26 with ctx disk limit patches (though I don't
> think that matters). The OS both outside and inside the vserver is RH
> Fedora 1.
>
> I've found that a workaround is to restart sshd in the vserver after
> starting it, e.g.:
>
> # vserver blah start
> [...]
> # vserver blah exec service sshd restart
>
> ...but other than that I've spent quite a bit of time looking at things
> and I can't find what's causing this problem. What might be the difference
> between sshd being started from init, vs. doing it later?
>
> Has anyone else seen this?
>
> Thanks,
>
> Grisha
>
>
>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
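
Added example, not part of the original post or of pam_limits: a C probe that repeats the setpriority() call quoted from setup_limits() and reports its errno. It assumes the guest root is niced above 0 and lacks CAP_SYS_NICE (which Linux requires to lower a nice value), simulated here by clearing capabilities in a child; probe_priority_reset and drop_all_caps are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: clear all capabilities so the caller behaves like a
 * root without CAP_SYS_NICE (assumed to be the guest's situation). */
static int drop_all_caps(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { {0, 0, 0}, {0, 0, 0} };
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Child: nice itself to at least start_nice, then make the call pam_limits
 * makes for uid 0. Returns that call's errno (0 = success), -1 if the probe
 * could not be set up. */
int probe_priority_reset(int start_nice) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit rl;
        /* Later kernels can also permit this via RLIMIT_NICE; zero it. */
        if (getrlimit(RLIMIT_NICE, &rl) != 0) _exit(255);
        rl.rlim_cur = 0;
        if (setrlimit(RLIMIT_NICE, &rl) != 0 || drop_all_caps() != 0) _exit(255);
        errno = 0;
        int cur = getpriority(PRIO_PROCESS, 0);
        if (cur == -1 && errno != 0) _exit(255);
        if (cur < start_nice && setpriority(PRIO_PROCESS, 0, start_nice) != 0)
            _exit(255);
        int status = setpriority(PRIO_PROCESS, 0, 0); /* as in setup_limits() */
        _exit(status != 0 ? errno : 0);
    }
    int wstatus;
    if (waitpid(pid, &wstatus, 0) < 0 || !WIFEXITED(wstatus)) return -1;
    return WEXITSTATUS(wstatus) == 255 ? -1 : WEXITSTATUS(wstatus);
}

int main(void) {
    int err = probe_priority_reset(5); /* 5 is a constructed sample nice value */
    printf("setpriority(PRIO_PROCESS, 0, 0) from nice 5: %s\n",
           err == 0 ? "ok" : err < 0 ? "probe failed" : strerror(err));
    return 0;
}
```

The errno the probe reports is EACCES, whose message text is the "Permission denied" seen in the sshd debug output.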


Generated on Wed 31 Mar 2004 - 06:36:08 BST by hypermail 2.1.3