[BUG?] RE: chmod 444 /etc/shadow


 



On Tue, 20 May 2003, Hattie Rouge wrote:

> At a guess, you should set the 'f' flag to trace forked children.  I'm
> guessing that the main daemon forks a child to do the actual work.
>
> I would also set the 'v' flag if the default argument strings seem to be
> truncated.

duh - posted too fast.  so, did that (traced the forked child) and

  <snip>
    getuid32()                              = 26
    brk(0x8248000)                          = 0x8248000
    open("/etc/passwd", O_RDONLY)           = 3
    fcntl64(3, F_GETFD)                     = 0
    fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
    fstat64(3, {st_mode=S_IFREG|0644, st_size=3659, ...}) = 0
    old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4002d000
    read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3659
    close(3)                                = 0
    munmap(0x4002d000, 4096)                = 0
    brk(0x824b000)                          = 0x824b000
    open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
  </snip>

but uid 26 is postgres, /etc/shadow is group-readable by shadow, and postgres
is listed in that group:

  [root@xxxxx tmp]# egrep 26 /etc/passwd
  postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash

  [root@xxxxx tmp]# ls -l /etc/shadow
  -r--r-----    1 root     shadow       2526 May  8 20:09 /etc/shadow

  [root@xxxxx tmp]# egrep postgres /etc/group
  postgres:x:26:
  shadow:x:4002:root,postgres

wtf?

anyone got ideas?

-a


>
>
> Hattie Rouge
>
>
> > -----Original Message-----
> > From: pam-list-admin@xxxxxxxxxx
> > [mailto:pam-list-admin@xxxxxxxxxx] On Behalf Of ahoward
> > Sent: Tuesday, May 20, 2003 10:20 AM
> > To: pam-list@xxxxxxxxxx
> > Subject: RE: chmod 444 /etc/shadow
> >
> >
> > On Mon, 19 May 2003, Hattie Rouge wrote:
> >
> > > Have you run strace to see what it is doing when it reports
> > the error?
> >
> > yes - wasn't a lot of help:
> >
> > waiting for a connection...
> > one came in, sent password prompt...
> >
> >   --- SIGSTOP (Stopped (signal)) ---
> >   ) = 1 (in [3], left {251, 760000})
> >   rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
> > CONT SYS], NULL, 8) = 0
> >   accept(3, {sin_family=AF_INET, sin_port=htons(53949),
> > sin_addr=inet_addr("137.75.132.144")}}, [16]) = 8
> >   getsockname(8, {sin_family=AF_INET, sin_port=htons(5432),
> > sin_addr=inet_addr("137.75.129.65")}}, [16]) = 0
> >   setsockopt(8, SOL_TCP, TCP_NODELAY, [1], 4) = 0
> >   setsockopt(8, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
> >   fork()                                  = 11197
> >   close(8)                                = 0
> >   time(NULL)                              = 1053450868
> >   rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >   select(5, [3 4], [], NULL, {246, 0})    = ? ERESTARTNOHAND
> > (To be restarted)
> >   --- SIGCHLD (Child exited) ---
> >
> >
> > this after password has been sent, strange that it doesn't
> > seem to do much?
> >
> >   rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
> > CONT SYS], NULL, 8) = 0
> >   wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], WNOHANG,
> > NULL) = 11197
> >   send(5,
> > "\2\0\0\0\30\0\0\0\0\0\0\0\275+\0\0\0\0\0\0\0\0\0\0", 24, 0) = 24
> >   wait4(-1, 0xbffff06c, WNOHANG, NULL)    = 0
> >   rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >   sigreturn()                             = ? (mask now [])
> >   rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
> > CONT SYS], NULL, 8) = 0
> >   time(NULL)                              = 1053450868
> >   rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >   select(5, [3 4], [], NULL, {246, 0})    = 1 (in [3], left
> > {233, 800000})
> >   rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
> > CONT SYS], NULL, 8) = 0
> >   accept(3, {sin_family=AF_INET, sin_port=htons(53950),
> > sin_addr=inet_addr("137.75.132.144")}}, [16]) = 8
> >   getsockname(8, {sin_family=AF_INET, sin_port=htons(5432),
> > sin_addr=inet_addr("137.75.129.65")}}, [16]) = 0
> >   setsockopt(8, SOL_TCP, TCP_NODELAY, [1], 4) = 0
> >   setsockopt(8, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
> >   fork()                                  = 11198
> >   close(8)                                = 0
> >   time(NULL)                              = 1053450880
> >   rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >   select(5, [3 4], [], NULL, {234, 0})    = ? ERESTARTNOHAND
> > (To be restarted)
> >   --- SIGCHLD (Child exited) ---
> >
> > waiting for another connection...
> >
> >   rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
> > CONT SYS], NULL, 8) = 0
> >   wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], WNOHANG,
> > NULL) = 11198
> >   send(5,
> > "\2\0\0\0\30\0\0\0\0\0\0\0\276+\0\0\0\0\0\0\0\0\0\0", 24, 0) = 24
> >   wait4(-1, 0xbffff06c, WNOHANG, NULL)    = 0
> >   rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >   sigreturn()                             = ? (mask now [])
> >   rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
> > CONT SYS], NULL, 8) = 0
> >   time(NULL)                              = 1053450883
> >   rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >   select(5, [3 4], [], NULL, {231, 0}
> >
> > -a
> >
> > --
> >   ====================================
> >   | Ara Howard
> >   | NOAA Forecast Systems Laboratory
> >   | Information and Technology Services
> >   | Data Systems Group
> >   | R/FST 325 Broadway
> >   | Boulder, CO 80305-3328
> >   | Email: ara.t.howard@xxxxxxxxxxxx
> >   | Phone:  303-497-7238
> >   | Fax:    303-497-7259
> >   ====================================
> >
> >
> > _______________________________________________
> > 
> > Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
> >
>
>
> _______________________________________________
> 
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
>

--
  ====================================
  | Ara Howard
  | NOAA Forecast Systems Laboratory
  | Information and Technology Services
  | Data Systems Group
  | R/FST 325 Broadway
  | Boulder, CO 80305-3328
  | Email: ara.t.howard@xxxxxxxxxxxx
  | Phone:  303-497-7238
  | Fax:    303-497-7259
  ====================================


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
