- 论坛徽章:
- 0
|
OS:Solaris10 U2 Sparc
App:ims52sp2
突然发现无法从普通用户su到root,日志报错如下:
Mar 26 16:23:03 mail2 su: [ID 401707 auth.error] open_module: /usr/lib/security/pam_authtok_get.so.1 failed: ld.so.1: su: 致命的: libnss3.so: 打开失败: 无此文件或目录
Mar 26 16:23:03 mail2 su: [ID 487707 auth.error] load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
Mar 26 16:23:03 mail2 su: [ID 810491 auth.crit] 'su root' failed for zhaoyu on /dev/pts/4
回忆到刚刚升级了ims52到ims52sp2,查了一下升级日志:
-bash-3.00# grep libnss3 /opt/sunone/ims52zh/patch/5.2p2/log
cp bin/msg/lib/libnss3.so /opt/sunone/ims52zh/bin/msg/lib/libnss3.so
发现果然覆盖了一个libnss3.so的文件,而该文件正在crle所列出的路径下。
-bash-3.00# crle
Configuration file [version 4]: /var/ld/ld.config
Default Library Path (ELF): /lib:/usr/lib:/opt/sunone/ims52zh/bin/msg/imta/lib:/opt/sunone/ims52zh/bin/msg/lib
Trusted Directories (ELF): /usr/lib/secure:/opt/SUNWmsgsr/lib:/opt/sunone/ims52zh/bin/msg/imta/lib:/opt/sunone/ims52zh/bin/msg/lib
Command line:
crle -c /var/ld/ld.config -l /lib:/usr/lib:/opt/sunone/ims52zh/bin/msg/imta/lib:/opt/sunone/ims52zh/bin/msg/lib -s /usr/lib/secure:/opt/SUNWmsgsr/lib:/opt/sunone/ims52zh/bin/msg/imta/lib:/opt/sunone/ims52zh/bin/msg/lib
ldd却显示使用了/usr/lib/mps/libnss3.so
-bash-3.00# ldd /usr/lib/security/pam_authtok_get.so.1 |grep libnss
libnss3.so => /usr/lib/mps/libnss3.so
因此尝试用系统原有文件覆盖新文件。这会对ims52造成破坏,但我们可能用不到nss(Name Switch Service)功能,所以权且覆盖。
cp /usr/lib/mps/libnss3.so /opt/sunone/ims52zh/bin/msg/lib/
再次su操作,故障消失,一切正常。
启动邮件服务,一切正常。
如下为解决故障过程中的一些chat log:
--------------------------------------------------------------------------------
[21:58] hum...while i su to root,i got the following error message:
[21:58] Mar 25 21:53:33 mail2 su: [ID 401707 auth.error] open_module: /usr/lib/security/pam_authtok_get.so.1 failed: ld.so.1: su: fatal: libnss3.so: open failed: No such file or directory
[21:58] Mar 25 21:53:33 mail2 su: [ID 487707 auth.error] load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
[21:59] i don't know what happened in my solaris10 sparc
[21:59] could anybody tell me what's wrong with my system? thx!
[22:07] does anzone use similiar feature?
[22:07] Option "XkbLayout" "us,cz" Option "XkbOptions" "grp:alt_shift_toggle,grp_led:scroll"
[22:08] it for switching keyboards layout ... but when I use it on OpenSolaris b60
[22:09] alt-shiftt worked only once and now I can't switch back to us layout :(
[22:10] omg: it works you only need to press shift before alt ;-)
[22:14] could anybody give me some advice?
[22:19] o00o: it's strange that for root login it's looking for nss service ...
[22:25] Pietro_S:what's the "nss"'s full name?
[22:25] netscape network security service?
[22:27] Pietro_S: or nss=name service switch ?
[22:51] trygvis: yes it's name service ..., root should be checked only with local passwd
[22:51] it's strange to have in NIS or ldap - root account
[22:55] o00o: but I doubt that it will be the source of error, I just stated my opinion that it's strange behavior for root account
[22:56] Pietro_S:maybe i have replaced the file ,i find some file with same filename,but don't know which should be used.
[22:57] -bash-3.00# find / -name libnss3.so
[22:57] /var/opt/mps/serverroot/lib/libnss3.so
[22:57] /var/opt/mps/serverroot/lib/sparcv9/libnss3.so
[22:57] /var/opt/mps/serverroot/bin/msg/admin/lib/libnss3.so
[22:57] /opt/SUNWcomm/lib/libnss3.so
[22:57] /opt/SUNWmsgsr/lib/libnss3.so
[22:57] /opt/sunone/ids52zh/lib/64/libnss3.so
[22:57] /opt/sunone/ids52zh/lib/libnss3.so
[22:57] /opt/sunone/ims52zh/bin/msg/lib/libnss3.so
[22:57] /opt/sunone/iws/bin/https/lib/libnss3.so
[22:57] /usr/lib/mps/libnss3.so
[22:57] /usr/lib/mps/secv1/libnss3.so
[22:57] /usr/lib/mps/secv1/sparcv9/libnss3.so
[22:57] /usr/lib/mps/sparcv9/libnss3.so
[22:57] /usr/sfw/lib/mozilla/libnss3.so
[22:58] sorry fot paste here! ;)
[22:58] sorry for paste here! ;)
[23:02] question is where does pam_authtok_get.so.1 want to have it
[23:04] but surely don't copy that file from mozilla - in mozilla and other 'browser' packages the shortcut nss means something else
[23:04] o00o: Does "ldd" on pam_authtok_get.so.1 report any "file not found" lines? It should link to /usr/lib/mps/libnss3.so
[23:04] but I would take look to /etc/pam.conf first to see if you didn't do any change there ...
[23:05] 15:23 trede: you can download it from opensolaris.org/sxce_dvd
[23:06] just now it's for trygvis ;-)
[23:07] Pietro_S:i never touch /etc/pam.conf,i'm sure
[23:07] -bash-3.00# ldd pam_authtok_get.so.1
[23:07] ldd: pam_authtok_get.so.1: cannot open file: No such file or directory
[23:08] ok,got it
[23:08] libnss3.so => /usr/lib/mps/libnss3.so
[23:13] but it's the same size with the normal system...
[23:13] Any recent changes/patches to the system? Check the files in /usr/lib/mps, and run "pkgchk SUNWtls" (that's the package that delivers the /usr/lib/mps files )
[23:19] IvanR_: i run pkgchk,but get nothing.
[23:19] -bash-3.00# pkgchk SUNWtls
[23:19] -bash-3.00#
[23:20] should i find and install the package "SUNWtls" ?
[23:22] No, that means it completed w/ no errors. So the files are good.
[23:23] oh...
[23:23] hum...then what's the next?
[23:28] IvanR_:ok,i have to leave,thx for your help ! my bot will watch the log if you have any advice .
[23:28] thank Pietro_S too!
[23:29] * Quits: o00o (
[email=n=@221.200.207.36]n=@221.200.207.36[/email]
) (Read error: 54 (Connection reset by peer))
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/15711/showart_290750.html |
|
免费注册
发表于 2007-05-02 22:40