1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

PAM dlerror: /lib/security/pam_plesk.so

Discussion in 'Plesk for Linux - 8.x and Older' started by phatPhrog, Jun 5, 2006.

  1. phatPhrog

    phatPhrog Guest

    0
     
    Since updating our CENTOS 4.2/Plesk 8 box we are now receiving the following errors in our messages and secure logs.

    These are only examples, we are getting hundreds of these per day.

    Any help resolving this would be appreciated.

    Current permissions are:
    1096 -rwxr-xr-x 1 root root 1116671 Mar 31 02:00 pam_plesk.so

    Thank you for your help.
     
  2. troymc

    troymc Guest

    0
     
    I have this same problem. The permission to start with were
    and I updated them to be
    and I am still getting the messages too.
     
  3. phatPhrog

    phatPhrog Guest

    0
     
    PAM dlerror: /lib/security/pam_plesk.so FOLLOW-UP

    troymc, I guess we're on our own here. Neither Sw-Soft nor CENTOS has netted any positive feedback or a FIX for this.

    CENTOS says it's a Plesk problem and SW-Soft doesn't respond to help requests.

    At least with Fedora problems could be resolved... :mad:

    Will let you know if I can find anyone willing to aid in the fix.
     
  4. Griffith

    Griffith Guest

    0
     
    I did a search and found this:
    http://www.howtoforge.com/forums/showthread.php?t=196&page=2

    Create /etc/pam.d/ftp with this:
    Code:
    #%PAM-1.0
    auth    required        pam_unix.so     nullok
    account required        pam_unix.so
    session required        pam_unix.so
    
    I have NOT tested this, but seems to be sort of the same? If someone tests it please report if it makes any difference...
     
  5. phatPhrog

    phatPhrog Guest

    0
     
    Don't be insulted by my query....but....are you a SW-Soft employee/tech support rep?

    Your help is a start to helping, but it would be nice to know someone has tested this on a non-production server before offering it as a proposed fix.

    Again, Thanks for the help, but there are those that would blindly follow your direction without knowing or taking into account the consequences.

    We use 1and1 servers . . . and as everyone knows, 1and1 does not use global configurations that all updates can be applied, expecially for those that don't know how to modify the 1and1 configurations.
     
  6. Griffith

    Griffith Guest

    0
     
    I haven't tested it myself, and I hope people test it on a testserver first. :)
     
  7. phatPhrog

    phatPhrog Guest

    0
     
    Just didn't want folks coming back yelling at ya. LOL

    You know HOW grateful people can be.....just look at some of my posts. :p
     
  8. phatPhrog

    phatPhrog Guest

    0
     
    cross-post NOT INTENDED, but no one else will...

    In reference to PAM dlopen, dlerror I am not intentionally cross-posting, but there are two and only two post on this entire forum pertaining to Plesk 8 and/or CENTOS so we need to join them since support is limited to a few!!

    Posting this to all current posts relating to PSA8 in recent days:

    http://forum.swsoft.com/showthread.php?s=&threadid=33493&highlight=PAM+dlerror

    I'm still looking at it, but it seems turning off mailman and/or disabling mailing lists for each client has resulted in the PAM....pam_plesk.so errors going away.

    Not sure just yet, only know the messages and secure logs no longer reflect PAM errors.

    Will continue to update on our progress.
     
  9. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Noexec strikes again. This is really a glibc problem, so the blame lies with Redhat. Basically its the diet-coke version of what we're using in ASL with PaX, except its all "opt-in", and doesnt work very well. Try running:

    execstack -c /lib/security/pam_plesk.so

    Let me know if that also happens on an ASL kernel, and I'll add that in to the RPM.
     
  10. phatPhrog

    phatPhrog Guest

    0
     
    PAM pam_plesk ASL

    Yes it is happening with ASL. I am running 2.6.14-4.artsmp.
     
  11. phatPhrog

    phatPhrog Guest

    0
     
    PAM

    After running execstack -c /lib/security/pam_plesk.so the following errors in the /var/log/messages
     
  12. troymc

    troymc Guest

    0
     
    phatPhrog, did you ever get this completely resolved? Are you still getting those errors after executing execstack -c /lib/security/pam_plesk.so?
     
  13. phatPhrog

    phatPhrog Guest

    0
     
    pam_plesk.so

    No. After running execstack -c /lib/security/pam_plesk.so, more errors cropped up and no one from SW-Soft, CENTOS or otherwise had any remedy, so we opted out. We reverted to a FC4/PSA 8 server.

    Perhaps we will try again when CENTOS 4.3 is support by PSA.

    Sorry.
     
  14. troymc

    troymc Guest

    0
     
    Do you know what kind of problems this could cause? Does it only affect users setup through Plesk that need shell access?
     
  15. pmedeiros

    pmedeiros Guest

    0
     
    Hi,

    I'm also using art's kernel (2.6.11-9.artsmp) on a 7.5.4 plesk box with CentOS 4.3

    The message [...]PAM unable to dlopen(/lib/security/pam_plesk.so)[...] does not apear on this box, but on a test server with plesk 8.0.1 (upgraded from 8.0.0), it does. The problem desapears if i run "execstack -c /lib/security/pam_plesk.so".

    Other problems, on this boxes (both 7.5.4 and 8.0.1):
    - On Service management (plesk CP), the services that look disabled are "SMTP Server (QMail)" and "Dr.Web antivirus"... the smtp service is running and working great, but the dr.web service does not
    - Error on Dr.Web:
    [...]
    Starting up DrWeb(R) daemon: Dr.Web (R) daemon for Linux/Plesk Edition, version 4.32.2 (2004-11-01)
    Copyright (c) Igor Daniloff, 1992-2004
    Doctor Web Ltd., Moscow, Russia
    Support service: http://support.drweb.com
    To purchase: http://buy.drweb.com

    mprotect(): 13 (Permission denied)
    [FAILED]
    [...]

    Any ideas in how to solve this ?

    Thanks

    Paulo
     
  16. pmedeiros

    pmedeiros Guest

    0
     
    Well ... new error at 8.0.1 box, at /var/log/httpd/error.log:
    [...]
    Failed loading /usr/local/Zend/lib/ZendExtensionManager.so: /usr/local/Zend/lib/ZendExtensionManager.so: cannot enable executable stack as shared object requires: Permission denied
    [...]

    ;-)

    PS: Still to test on 7.5.4, if it is ok
     
  17. pmedeiros

    pmedeiros Guest

    0
     
    Yep,

    With ASL kernel the Zend error persists ... and a new error (not previoully mentioned):
    [...]
    [Thu Jun 22 16:16:36 2006] [error] Incorrect permissions on stub "/usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe" in FrontPageCheckup(). Until this problem is fixed, the FrontPage security patch is disabled and the FrontPage extensions may not work correctly.
    [...]

    Ideas wanted... please
     
  18. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    In reference to the dr. web users, try using the asl-testing version, specifically the gradm rpm. Thats where I put all the various checks and fixes for these little issues.
     
Loading...