FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

LinkBack Thread Tools
Old 02-18-2009, 10:27 PM
Andrew Reid
Default Lenny upgrade -- kcheckpass behavior change

I've just completed the "lenny" upgrade on my main
box at home, and ran into an interesting glitch.

The initial symptom was, I couldn't unlock the screen
from the screensaver. The logs complained about "user not found",
but id <user> showed it, PAM config looked OK, /etc/nsswitch.conf
was fine, and /etc/passwd and /etc/shadow hadn't changed.
Other log entries showed the complaint was coming from
kcheckpass, and indeed, interactive use showed that it was
failing, even with the correct password. Running "strace"
on this showed it was getting "permission denied" trying to
read /etc/shadow.

On this system, I had set /etc/shadow to be permission 400,
as recommended in a system hardening guide (don't recall now
which one), and then more or less forgotten about it.

Evidently the behavior of kcheckpass has changed, it must
run as group "shadow" now, and not as user root. Opening up
permissions on /etc/shadow (I changed it to 440) fixed it.

-- A.
Andrew Reid / reidac@bellatlantic.net

To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Thread Tools

All times are GMT. The time now is 03:52 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org