On 4/27/05, petre rodan <kaiowas@g.o> wrote:
>
> Hi
>
> Grob Team wrote:
> > Hi,
> >
> > When trying to start postgresql (run_init /etc/init.d/postgre start) I
> > got the "Starting PostGreSql" and nothing after, when I do a ps to see
> > what happens, I got this:
> >
> > system_u:system_r:initrc_su_t root 5879 0.0 0.2 2224 932
> > tty1 S+ 14:16 0:00 su - postgres -c /usr/bin/pg_ctl start -D
> > '/var/lib/postgresql/data' -s -l
> > '/var/lib/postgresql/data/postgresql.log' -o ''
> > system_u:system_r:system_chkpwd_t root 5880 0.0 0.0 0 0
> > tty1 Z+ 14:16 0:00 [unix_chkpwd] <defunct>
> >
> > So, I tried to do: su - postgres and it "freeze" too. So maybe it's not
> > postgres but a problem with pam/su. In the logfile, I have this:
> > Apr 26 14:55:34 [unix_chkpwd] could not get username from shadow (postgres))
> >
> > However, postgres is a valid user
> > # cat /etc/passwd | grep postgres
> > postgres:x:70:70::/var/lib/postgresql:/bin/false
> >
> > My version of pam is: 0.77-r6
> >
> > This is the output of the context of /etc/passwd and /etc/shadow
> >
> > -rw-r--r-- root root system_u:object_r:etc_t /etc/passwd
> > -rw------- root root system_u:object_r:shadow_t /etc/shadow
> >
> > Does someone have an idea about the problem?
> > Thank you.
>
> there has to be a postgres line in /etc/shadow
>
> so go ahead and do smth like
> echo 0 > /selinux/enforce
> echo 'postgres:!:12000:0:99999:7:::' >> /etc/shadow
> /usr/sbin/setfiles -v /etc/security/selinux/src/policy/file_contexts/file_contexts /etc/shadow
> echo 1 > /selinux/enforce
>
> and please don't ask why that line is missing :)
>
> bye,
> peter
>
> --
> petre rodan
> <kaiowas@g.o>
> Developer,
> Hardened Gentoo Linux
>

Hi

You were right. Now all is working. I didn't think to look under
shadow because it was under passwd. Thank you petre and Konstantin :)

--
gentoo-hardened@g.o mailing list
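
The mismatch found in this thread (an account in /etc/passwd with password field "x" but no line in /etc/shadow) can be checked for directly. The following is an added example, not part of the original messages; the function name missing_shadow_entries and the sample root lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report accounts whose passwd entry
# defers to shadow (password field "x") but which have no shadow line.
# usage: missing_shadow_entries [passwd_file] [shadow_file]
missing_shadow_entries() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}
    awk -F: '
        # Shadow file is ARGV[1]: remember each account name that has a line.
        # Comparing FILENAME (not NR == FNR) keeps an empty shadow file working.
        FILENAME == ARGV[1] { if ($1 != "") in_shadow[$1] = 1; next }
        # Passwd file: ignore blank lines and comments.
        $1 == "" || $1 ~ /^#/ { next }
        # "x" means the hash lives in shadow, so a shadow line must exist.
        $2 == "x" && !($1 in in_shadow) { print $1 }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample data: the postgres passwd line is the one quoted in the
# thread; the root lines and the shadow contents are made up for the demo.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'postgres:x:70:70::/var/lib/postgresql:/bin/false' > "$dir/passwd"
    printf '%s\n' 'root:*:12000:0:99999:7:::' > "$dir/shadow"
    echo "before fix: $(missing_shadow_entries "$dir/passwd" "$dir/shadow")"
    # Same locked-password line the reply suggests appending to /etc/shadow.
    printf '%s\n' 'postgres:!:12000:0:99999:7:::' >> "$dir/shadow"
    echo "after fix:  $(missing_shadow_entries "$dir/passwd" "$dir/shadow")"
    rm -rf "$dir"
}
demo
```

Run against the real files it needs read access to /etc/shadow, so it has to be run as root.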