croco | 30 Sep 14:05 2009

Re: can't create users under openvz container

On Wed, Sep 30, 2009 at 02:59:46AM +0400, Solar Designer wrote:
> On Tue, Sep 29, 2009 at 11:53:41PM +0400, croco <at> openwall.com wrote:
>
> > open("/etc/tcb/crocodil/shadow.lock",
> > O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = -1 EACCES
> > (Permission denied)
> 
> This is typically caused by improper permissions on "/" (the fs root
> directory), which in turn may have been caused by "/" or "." missing
> from your OpenVZ template.  "chmod 755 /" run from within the container
> should fix this for the container.  Adding "." with mode 755 to the
> template tarball should fix it for other containers created from the
> template (as far as I recall).

Exactly this.  Dmitry (ldv) was the first to mention this to me, so I
checked it and saw this is really the case.  See my reply to Dmitry for the
path to the new wiki page I've just created :-)

> This is unrelated to the problem at hand, but the above is an outdated
> kernel version.  I understand that you picked a pre-built OpenVZ kernel,
> but they have newer versions pre-built as well - in fact, they do it for
> each new version they release on the "rhel5" branch.  The current stable
> "rhel5" branch version is:
> 
> http://wiki.openvz.org/Download/kernel/rhel5/028stab064.7

Actually this was the first one I tried.  On my machine it was hanging on
the message "BIOS check successful".  I'm not sure whether it is a buggy
kernel or buggy machine -- either way, the version I finally piked (see
below) just works.

Anyway, I'd prefer to see the Openwall own version of OpenVZ kernel
published somewhere... hmmm... yes, I'm a very boring person.

Thanks!

--
Croco

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
to the automated confirmation request that will be sent to you.


Gmane