Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20090930120506.GB2978@openwall.com>
Date: Wed, 30 Sep 2009 16:05:07 +0400
From: croco@...nwall.com
To: owl-users@...ts.openwall.com
Subject: Re: can't create users under openvz container

On Wed, Sep 30, 2009 at 02:59:46AM +0400, Solar Designer wrote:
> On Tue, Sep 29, 2009 at 11:53:41PM +0400, croco@...nwall.com wrote:
>
> > open("/etc/tcb/crocodil/shadow.lock",
> > O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = -1 EACCES
> > (Permission denied)
> 
> This is typically caused by improper permissions on "/" (the fs root
> directory), which in turn may have been caused by "/" or "." missing
> from your OpenVZ template.  "chmod 755 /" run from within the container
> should fix this for the container.  Adding "." with mode 755 to the
> template tarball should fix it for other containers created from the
> template (as far as I recall).

Exactly this.  Dmitry (ldv) was the first to mention this to me, so I
checked it and saw this is really the case.  See my reply to Dmitry for the
path to the new wiki page I've just created :-)

> This is unrelated to the problem at hand, but the above is an outdated
> kernel version.  I understand that you picked a pre-built OpenVZ kernel,
> but they have newer versions pre-built as well - in fact, they do it for
> each new version they release on the "rhel5" branch.  The current stable
> "rhel5" branch version is:
> 
> http://wiki.openvz.org/Download/kernel/rhel5/028stab064.7

Actually this was the first one I tried.  On my machine it was hanging on
the message "BIOS check successful".  I'm not sure whether it is a buggy
kernel or buggy machine -- either way, the version I finally piked (see
below) just works.

Anyway, I'd prefer to see the Openwall own version of OpenVZ kernel
published somewhere... hmmm... yes, I'm a very boring person.


Thanks!

--
Croco

-- 
To unsubscribe, e-mail owl-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.