* The Anarcat <[EMAIL PROTECTED]> [071101 16:53]: > Hello! > > Please try "nice ls", and the same tests you've already done > > replacing "nice" by "nice -n 10", too. > > scanner:/# nice su -c ls > su: Permission denied > scanner:/# nice ls > bin dev home lib lost+found mnt proc root srv tmp var > boot etc initrd lib64 media opt restoresymtable sbin sys usr > scanner:/# \nice -n 10 su -c ls > su: Permission denied > > Note that this is a "sarge" vserver, in a "etch" server. This doesn't > happen in a "etch" vserver on another "etch server. Maybe that's > related.
Edit /etc/pam.d/su and comment out the last line, it should look like the following (comment out the line beginning with session): # Sets up user limits, please uncomment and read # /etc/security/limits.conf # to enable this functionality. # (Replaces the use of /etc/limits in old login) session required pam_limits.so This is your pam trying to use pam_limits to do ulimits which you are not allowed to do in the vserver. Its not nice, or su really. > I think the issue is that *su* tries to raise the nice level back to 0. > Maybe that behaviour was fixed in etch. In etch the pam_limits entry in /etc/pam.d/su is commented out by default. > > > I really wonder why this `su -c' call is there, because it doesn't > > > serve any purpose in my eyes. > > > > To be honnest, I don't remember, but looking to the SVN repo logs > > should help to understand this piece of code. I'd like to try fixing > > your "nice + su" issue without modifying this code, which seems to > > work well everywhere else. He he, I don't like modifying good old > > working code. > > I still think the su should go. I have to agree with intrigeri here, unless there is a demonstrated reason why it should go, proof that removing it doesn't cause other problems, I dont see a reason to remove something that works without a reason. Micah
signature.asc
Description: Digital signature
