[Vserver] Problem with nice inside a vserver

From: Russell Kliese <russell_at_eminence.com.au>
Date: Fri 10 Mar 2006 - 05:05:23 GMT
Message-ID: <44110913.3090305@eminence.com.au>

I have a problem with the find cron job inside a debian vserver.

The find cron job runs the updatedb script as follows:

#! /bin/sh
# cron script to update the `locatedb' database.
# Written by Ian A. Murdock <imurdock@debian.org> and
# Kevin Dalley <kevin@aimnet.com>

if [ -f /etc/updatedb.conf ]; then
  . /etc/updatedb.conf

if getent passwd $LOCALUSER > /dev/null ; then
  cd / && nice -n ${NICE:-10} updatedb 2>/dev/null
  # cd / && updatedb 2>/dev/null
  echo "User $LOCALUSER does not exist."
  exit 1

The updatedb script tries to su to the nobody user, but this fails with
the following messages logged in /var/log/auth.log

Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody
Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for user
nobody by root(uid=0)
Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission denied

If I comment in the line with the # in the above script (and comment out
the line above), things work fine (i.e. I don't get the
"pam_open_session: Permission denied" logged in the auth.log). So it
seems to be something to do with nice. Note that even if I remove the
"-n ${NICE:-10}" things still don't work.

Would enabling CAP_SYS_NICE help in this case even though a lower
priority is being set? Or is there something else causing this problem?


Russell Kliese

<http://www.eminence.com.au/> Eminence Technology Pty Ltd
PO Box 118, Moorooka QLD 4105
Web: www.eminence.com.au <http://www.eminence.com.au/>
Ph: +61-7-3277-4100
Fax: +61-7-3105-7484
Vserver mailing list
Received on Fri Mar 10 05:06:43 2006
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 10 Mar 2006 - 05:06:49 GMT by hypermail 2.1.8