Gentoo Archives: gentoo-hardened

From: Grob Team <grobteam@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] [SELINUX]: Postgresql don't start
Date: Wed, 27 Apr 2005 23:25:20
Message-Id: b1ac178c050427162579cfb0fd@mail.gmail.com
In Reply to: Re: [gentoo-hardened] [SELINUX]: Postgresql don't start by petre rodan
On 4/27/05, petre rodan <kaiowas@g.o> wrote:
>
> Hi
>
> Grob Team wrote:
> > Hi,
> >
> > When trying to start postgresql (run_init /etc/init.d/postgre start) I
> > got the "Starting PostGreSql" and nothing after, when I do a ps to see
> > what happens, I got this:
> >
> > system_u:system_r:initrc_su_t root 5879 0.0 0.2 2224 932
> > tty1 S+ 14:16 0:00 su - postgres -c /usr/bin/pg_ctl start -D
> > '/var/lib/postgresql/data' -s -l
> > '/var/lib/postgresql/data/postgresql.log' -o ''
> > system_u:system_r:system_chkpwd_t root 5880 0.0 0.0 0 0
> > tty1 Z+ 14:16 0:00 [unix_chkpwd] <defunct>
> >
> > So, I tried to do: su - postgres and it "freeze" too. So maybe it's not
> > postgres but a problem with pam/su. In the logfile, I have this:
> > Apr 26 14:55:34 [unix_chkpwd] could not get username from shadow (postgres))
> >
> > However, postgres is a valid user
> > # cat /etc/passwd | grep postgres
> > postgres:x:70:70::/var/lib/postgresql:/bin/false
> >
> > My version of pam is: 0.77-r6
> >
> > This is the output of the context of /etc/passwd and /etc/shadow
> >
> > -rw-r--r-- root root system_u:object_r:etc_t /etc/passwd
> > -rw------- root root system_u:object_r:shadow_t /etc/shadow
> >
> > Does someone have an idea about the problem?
> > Thank you.
>
> there has to be a postgres line in /etc/shadow
>
> so go ahead and do smth like
> echo 0 > /selinux/enforce
> echo 'postgres:!:12000:0:99999:7:::' >> /etc/shadow
> /usr/sbin/setfiles -v /etc/security/selinux/src/policy/file_contexts/file_contexts /etc/shadow
> echo 1 > /selinux/enforce
>
> and please don't ask why that line is missing :)
>
> bye,
> peter
>
> --
> petre rodan
> <kaiowas@g.o>
> Developer,
> Hardened Gentoo Linux
>

Hi

You were right. Now all is working. I didn't think to look under
shadow because it was under passwd. Thank you petre and Konstantin :)

--
gentoo-hardened@g.o mailing list
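
Added example (not part of the original thread): a read-only check for the condition diagnosed above, an account whose passwd password field is "x" but which has no line in shadow. The function names, the temporary paths and the sample files are constructed for illustration; only the postgres and shadow lines are taken from the thread.

```shell
#!/bin/sh
# Report accounts that defer to shadow ("x" in the passwd password field)
# but have no shadow entry. Reads both files, modifies nothing.

# missing_shadow_entries PASSWD_FILE SHADOW_FILE
# Prints one login name per line, in passwd order.
missing_shadow_entries() {
    # shadow is read first; FILENAME is compared instead of using NR == FNR
    # so that an empty shadow file is still handled correctly.
    awk -F: '
        FILENAME == ARGV[1] { if ($1 != "") shadowed[$1] = 1; next }
        $1 != "" && $2 == "x" && !($1 in shadowed) { print $1 }
    ' "$2" "$1"
}

# make_sample DIR
# Writes constructed passwd/shadow copies that reproduce the thread's state:
# postgres exists in passwd only.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
postgres:x:70:70::/var/lib/postgresql:/bin/false
EOF
    cat > "$1/shadow" <<'EOF'
root:!:12000:0:99999:7:::
EOF
}

# Demonstration on the constructed copies, never on the live files.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "accounts without a shadow entry:"
missing_shadow_entries "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system the function can be pointed at /etc/passwd and /etc/shadow as root; `pwck -r` from the shadow package performs a comparable read-only consistency check.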