Ubuntu
shadow package

/etc/pam.d/login runs /etc/update-motd.d scripts twice

Bug #1169558 reported by Jamie Strandboge
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
shadow (Ubuntu)
Fix Released
Medium
Colin Watson
Raring
Fix Released
Medium
Colin Watson

Bug Description

In performing install audits I noticed the following change to /etc/pam.d/login:
+ session optional pam_motd.so motd=/run/motd.dynamic
  session optional pam_motd.so

Per man (8) pam_motd, this means that the scripts in /etc/update-motd.d are run twice. One of these should use 'noupdate', like in /etc/pam.d/sshd:
# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session optional pam_motd.so motd=/run/motd.dynamic noupdate
session optional pam_motd.so # [1]

(It seems slightly odd to me that sshd will update /etc/motd dynamically rather than /run/motd.dynamic, but that is not this bug)

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: login 1:4.1.5.1-1ubuntu3
ProcVersionSignature: Ubuntu 3.8.0-17.27+dbusdev1-generic 3.8.6
Uname: Linux 3.8.0-17-generic x86_64
ApportVersion: 2.9.2-0ubuntu5
Architecture: amd64
Date: Tue Apr 16 08:07:11 2013
InstallationDate: Installed on 2011-06-28 (657 days ago)
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110425.2)
MarkForUpload: True
SourcePackage: shadow
UpgradeStatus: Upgraded to raring on 2013-02-14 (61 days ago)

Revision history for this message
Jamie Strandboge (jdstrand) wrote :
summary: - /etc/pam.d/login runs motd scripts twice
+ /etc/pam.d/login runs /etc/update-motd.d scripts twice
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shadow (Ubuntu):
status: New → Confirmed
Revision history for this message
Colin Watson (cjwatson) wrote :

Re sshd: pam_motd (without noupdate) actually updates /var/run/motd, not /etc/motd. This is explained in pam_motd's source:

    /* Run the update-motd dynamic motd scripts, outputting to /var/run/motd.
       If /etc/motd -> /var/run/motd, the displayed MOTD will be dynamic.
       Otherwise, the admin can force a static MOTD by breaking that symlink
       and publishing into an /etc/motd text file. */

It's a bit weird, but I didn't write it. :-)

Changed in shadow (Ubuntu Raring):
importance: Undecided → Medium
assignee: nobody → Colin Watson (cjwatson)
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package shadow - 1:4.1.5.1-1ubuntu4

---------------
shadow (1:4.1.5.1-1ubuntu4) raring; urgency=low

  * Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
    /etc/update-motd.d/* scripts twice (LP: #1169558).
 -- Colin Watson <email address hidden> Thu, 18 Apr 2013 01:01:45 +0100

Changed in shadow (Ubuntu Raring):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.