Service and user nobody

N

Nutz

Hello all,

Hope you are all fine !

I have a question concerning the nobody user, i used to install an exporter prometheus on old FreeBSD 11.1 server.
I'm able to start without any issues the node_exporter service.

But it's different with FreeBSD12.1, I'm not able to do it until I change the :
Code: 
: ${node_exporter_user:="nobody"}
: ${node_exporter_group:="nobody"}

with user & group root..which I would like to avoid.

I got the error :
Code: 
Starting node_exporter.
su: /usr/local/bin/zsh: Permission denied
/usr/local/etc/rc.d/node_exporter: WARNING: failed to start node_exporter

The only one what is able to start is ctld_exporter cause its build from go language.
goprogram_user="nobody"

I checked all permission and that's sound corrects...

br,
!!!
 
Great, now I can read the actual rc too. Looking through it the rc(8) script is not the one doing the su(1), so I suspect it's the node exporter code itself that does this. It looks like they're not using the -m option.

Code: 
root@williscorto:~ # su nobody
This account is currently not available.
root@williscorto:~ # su -m nobody
You have mail.
nobody@williscorto:~ %

The nobody account cannot be used as a login shell because it has /usr/sbin/nologin. Don't be tempted to change the account, there's a very good reason why this is not allowed.
 
Hi,

Thanks for the details.

But the issue may not be related to the exporter itself...
I tried to
Code: 
su nobody
and i got this error message :

Code: 
su: /usr/sbin/nologin: Permission denied

EDIT: I just try with a fresh install of FBSD12 and dont have any errors, im able to launch node_exporter with user nobody as expected.
So there is something wrong with the others filers installed via mfsbsd and kernel/base.txz..
 
Nutz said:
I tried to
Code: 
su nobody
and i got this error message :

Code: 
su: /usr/sbin/nologin: Permission denied
Click to expand...
Could it be that /usr/sbin/nologin ended up without the execute bit permission (i.e., the bits that you can set with chmod)?
 
You must log in or register to reply here.
Back
Top