Subject: Irritation with shutdown(8) and postgres rc.d script
To: None <tech-security@netbsd.org, tech-userlevel@netbsd.org>
From: Bill Stouder-Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 03/12/2007 21:41:28

I have a box on which I run PostgreSQL. I'm using the rc.d script that
came with the pkgsrc server I installed. I'm in the operator group. I can
run shutdown(8) and turn off the computer.

The problem is when it comes time to stop postgres. Postgres likes to be
running as the postgres user (pgsql here). So it does a su pgsql to tell
the system to shut down.

Well. The problem is that when I run shutdown and shutdown runs rc.d
hooks, su notices that I'm me and not root, so it asks for pgsql's
password. Well, I've forgotten it. So PostgreSQL gets a hard shutdown.

I chatted with John Nemeth, who indicated that su is calling into PAM, and
pam_rootok only checks the real id.

For my case the effective ID is root's, but the real is my own.

How do we fix this? I can turn off the computer, so why are we not letting
me stop services? :-)

Options:

1) Make pam_rootok check effective too.

2) Add pam_effectiverootok which checks effective id.

3) Make shutdown set its real id to root as well.

I prefer (1) since if my effective id is root, I am acting as root. I can
turn off the box, so it makes little sense to not let me do other root
things.

But what I really want is for shutdown to work. So any of the three
options would be fine.

Oh, this is NetBSD 3.0.

Take care,

Bill
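
Added example, not part of the original message and not NetBSD code: a small C model of the uids that su sees under each of the three options, assuming shutdown and su are both installed setuid root and using a constructed uid of 1000. It goes one step beyond the message by also modelling su started directly by an ordinary user, where the effective uid is 0 as well.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified model of a process's uids (illustration only, not kernel code). */
struct cred { uid_t ruid, euid, svuid; };

/* exec of a setuid-root binary: effective and saved uid become 0, real uid is kept. */
static struct cred exec_setuid_root(struct cred c) {
    c.euid = 0;
    c.svuid = 0;
    return c;
}

/* setuid(2) called with effective uid 0 sets real, effective and saved uid.
 * The unprivileged cases are not modelled and simply fail here. */
static int model_setuid(struct cred *c, uid_t uid) {
    if (c->euid != 0) return -1;
    c->ruid = c->euid = c->svuid = uid;
    return 0;
}

/* pam_rootok as described in the message: looks at the real uid only. */
static bool rootok_real(struct cred c) { return c.ruid == 0; }
/* Options 1 and 2: look at the effective uid instead. */
static bool rootok_effective(struct cred c) { return c.euid == 0; }

/* uids seen by su when it is started from shutdown's rc.d hooks. */
static struct cred su_from_shutdown(uid_t user, bool option3) {
    struct cred c = { user, user, user };
    c = exec_setuid_root(c);           /* shutdown(8), assumed setuid root */
    if (option3) model_setuid(&c, 0);  /* option 3: shutdown sets its real id */
    return exec_setuid_root(c);        /* su, assumed setuid root */
}

/* uids seen by su when an ordinary user runs it from a login shell. */
static struct cred su_from_login_shell(uid_t user) {
    struct cred c = { user, user, user };
    return exec_setuid_root(c);
}

int main(void) {
    uid_t user = 1000;                 /* constructed sample uid */
    struct cred now = su_from_shutdown(user, false);
    struct cred opt3 = su_from_shutdown(user, true);
    struct cred plain = su_from_login_shell(user);
    printf("caller              real-check  effective-check\n");
    printf("shutdown (today)    %-11d %d\n", rootok_real(now), rootok_effective(now));
    printf("shutdown (option 3) %-11d %d\n", rootok_real(opt3), rootok_effective(opt3));
    printf("login shell         %-11d %d\n", rootok_real(plain), rootok_effective(plain));
    return 0;
}
```

In this model a check of the effective uid made inside su passes for both callers, while option 3 changes the result only for su started from shutdown.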
