[lug] Weird su/sudo/login/ssh/mail problem

Bear Giles bgiles at coyotesong.com
Fri Apr 5 10:53:16 MST 2002


> Interesting problem. Did you try 
> 
>  'strace -o /tmp/trace.log   sudo username' 

I had tried it, but got an "Operation not permitted" error when
I hit the fork()/exec() wall.  

Doing it as root (which I should have done before, d'oh) the 
last few entries are:

  socket(PF_UNIX, SOCK_DGRAM, 0)          = 3
  fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
  connect(3, {sin_family=AF_UNIX, path="      /dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)
  close(3)                                = 0
  socket(PF_UNIX, SOCK_STREAM, 0)         = 3
  fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
  connect(3, {sin_family=AF_UNIX, path="      /dev/log"}, 16

which looks promising... until you realize that the message was 
truncated.  The actual error may be totally unrelated but lost
in the message below.

But I found myself wondering about the leading space in the path name.
Could it be a configuration error in some file, perhaps due to a "helpful"
editor replacing nasty tabs with clean spaces?  I checked for "/dev/log"
anywhere under /etc, but couldn't find it.

Besides, I've seen the logs being updated.  It couldn't be due to syslog,
right?

Just to cover all bases, I HUP'd sysklogd and suddenly the strace
finished.  The problem is definitely with syslog, and the missing
return code above is "ECONNREFUSED (Connection refused)".  After
the HUP the second connect succeeds.

This still leaves me with a mystery - why does sysklogd start refusing
connections?  There's plenty of space in the /var/log partition.

Bear
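
The check done by hand with strace above, as an added example that is not part of the original message: a Python probe that connects to the log socket as SOCK_DGRAM and then SOCK_STREAM and reports the errno name for each attempt. The names `probe_log_socket` and `demo` and the temp-dir stand-in for /dev/log are assumptions for illustration, and the expected errno values are Linux behaviour.

```python
import errno
import os
import socket
import tempfile


def probe_log_socket(path="/dev/log", timeout=2.0):
    """Connect as SOCK_DGRAM, then SOCK_STREAM, the order seen in the strace.

    Returns [(socket_type, outcome)], where outcome is "OK" or an errno name.
    """
    results = []
    for name, stype in (("SOCK_DGRAM", socket.SOCK_DGRAM),
                        ("SOCK_STREAM", socket.SOCK_STREAM)):
        sock = socket.socket(socket.AF_UNIX, stype)
        sock.settimeout(timeout)  # a wedged listener must not hang the probe
        try:
            sock.connect(path)
            results.append((name, "OK"))
            break  # a logger stops at the first socket type that works
        except socket.timeout:
            results.append((name, "TIMEOUT"))
        except OSError as exc:
            results.append((name, errno.errorcode.get(exc.errno, str(exc.errno))))
        finally:
            sock.close()
    return results


def demo():
    """Build two constructed socket states in a temp dir and probe each."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "log")  # constructed stand-in for /dev/log
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(path)
    listener.listen(1)
    healthy = probe_log_socket(path)   # stream listener alive
    listener.close()                   # listener gone, socket file left behind
    stale = probe_log_socket(path)
    os.unlink(path)
    os.rmdir(tmpdir)
    return healthy, stale


if __name__ == "__main__":
    print("/dev/log:", probe_log_socket())
    print("constructed healthy/stale:", demo())
```

EPROTOTYPE followed by OK is the healthy pattern for a daemon listening on a stream socket; ECONNREFUSED means the socket file exists but no process is accepting on it.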


