pam's nullok_secure seems to break pbuilder build
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shadow (Debian) |
Fix Released
|
Unknown
|
|||
shadow (Ubuntu) |
Invalid
|
High
|
Adam Conrad |
Bug Description
Automatically imported from Debian bug report #330291 http://
In Debian Bug tracker #330291, Junichi Uekawa (dancer-netfort) wrote : Re: Bug#330291: pam's nullok_secure seems to break pbuilder build | #1 |
In Debian Bug tracker #330291, Junichi Uekawa (dancer-netfort) wrote : Re: Authentication problem with pbuilder | #2 |
Hi,
> Extracting source
> Password: su: Authentication failure
> Sorry.
> pbuilder: Failed extracting the source
> -> Aborting with an error
> -> unmounting dev/pts filesystem
> ...
>
>
> I guess I have to set a further sudo permission here but for what program?
> It is 'sudo su' ? I would not really like this even if it is convinient.
>
I've tracked the problem down to the fact that
/etc/pam.d/su no longer exists with a clean install
since around yesterday.
Upgraded systems continue to work since /etc/pam.d/su
already exists.
Without /etc/pam.d/su, root running su will be asked
for a password.
I'm suspecting either of
login 1:4.0.12-2 -> 1:4.0.12-3
pam 0.76-23->0.79-1
regards,
junichi
In Debian Bug tracker #330291, Andreas Tille (tillea) wrote : | #3 |
On Wed, 28 Sep 2005, Junichi Uekawa wrote:
> I've tracked the problem down to the fact that
> /etc/pam.d/su no longer exists with a clean install
> since around yesterday.
> Upgraded systems continue to work since /etc/pam.d/su
> already exists.
Nice that you found an issue. On the other hand my system was
installed about 10 months ago and I only upgraded. I'm more or
less using an up to date testing system with the exception of some
packages from sid.
> Without /etc/pam.d/su, root running su will be asked
> for a password.
This is not the case. I can su to any user (including root) without
password if I'm logged in as root.
> I'm suspecting either of
>
> login 1:4.0.12-2 -> 1:4.0.12-3
login 4.0.3-35
(without any changes to /etc/pam.d/su)
> pam 0.76-23->0.79-1
Not installed on the system in question.
Kind regards
Andreas.
In Debian Bug tracker #330291, Junichi Uekawa (dancer-netfort) wrote : Re: Bug#330291: Authentication problem with pbuilder | #4 |
tags 330291 +patch
reassign 330291 login
severity 330291 serious
thanks
Hi,
> > Extracting source
> > Password: su: Authentication failure
> > Sorry.
> > pbuilder: Failed extracting the source
> > -> Aborting with an error
> > -> unmounting dev/pts filesystem
> > ...
> >
> >
> > I guess I have to set a further sudo permission here but for what program?
> > It is 'sudo su' ? I would not really like this even if it is convinient.
> >
>
> I've tracked the problem down to the fact that
> /etc/pam.d/su no longer exists with a clean install
> since around yesterday.
> Upgraded systems continue to work since /etc/pam.d/su
> already exists.
>
> Without /etc/pam.d/su, root running su will be asked
> for a password.
>
> I'm suspecting either of
>
> login 1:4.0.12-2 -> 1:4.0.12-3
> pam 0.76-23->0.79-1
I've tracked it down to shadow; I think this is the required patch.
diff -urN shadow-
--- shadow-
+++ shadow-
@@ -0,0 +1,45 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo" to
+# to the end of this line if you want to use a group other
+# than the default "root".
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth required pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth required pam_wheel.so deny group=nosu
+
+# This allows root to su without passwords (normal operation)
+auth sufficient pam_rootok.so
+
+# Uncomment and edit /etc/security/
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# This module parses /etc/environment (the standard for setting
+# environ vars) and also allows you to use an extended config
+# file /etc/security/
+# (Replaces the `ENVIRON_FILE' setting from login.defs)
+auth required pam_env.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
+# Sets up user limits, please uncomment and read /etc/security/
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+# session required pam_limits.so
diff -urN shadow-
--- shadow-
+++ shadow-
@@ -1,45 +0,0 @@
-#
-# The PAM configuration file for the Shadow `su' service
-#
-
-# Uncomment this to force users to be a member of group root
-# before they can us...
In Debian Bug tracker #330291, Junichi Uekawa (dancer-netfort) wrote : | #5 |
retitle 330291 missing /etc/pam.d/su from login package
thanks
Let us retitle this bugreport, so that is looks more correct.
amicablement,
junichi
--
Junichi Uekawa, Debian Developer http://
183A 70FC 4732 1B87 57A5 CE82 D837 7D4E E81E 55C1
In Debian Bug tracker #330291, Nicolas François (nicolas-francois) wrote : | #6 |
tags 330291 pending
thanks
Committed.
Thanks for noticying and for the patch.
Kind Regards,
--
Nekral
Debian Bug Importer (debzilla) wrote : | #7 |
Automatically imported from Debian bug report #330291 http://
Debian Bug Importer (debzilla) wrote : | #8 |
Message-Id: <email address hidden>
Date: Tue, 27 Sep 2005 18:36:32 +0900
From: Horms <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: pam's nullok_secure seems to break pbuilder build
Package: pbuilder
Version: 0.131
Severity: important
Hi,
I recently noticed that when runing pbuilder build, it fails as
it calls su internally. I tracked this down to su wanting a password,
and futher tracked this to pam using nullok_secure, wheras nullok works,
I guess we aren't coming from a secure tty.
In any case, I found the following hook allows pbuilder build
to work, I'm not sure what a good longer term solution is.
--- begin E00nullok ---
#!/bin/bash
#E00nullok
cat > /etc/pam.
#
# /etc/pam.
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# nullok_secure does not seem to work when pbuilder calls su
#auth required pam_unix.so nullok_secure
auth required pam_unix.so nullok
__EOF__
--- end E00nullok ---
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686-smp
Locale: LANG=ja_JP.eucJP, LC_CTYPE=
Versions of packages pbuilder depends on:
ii cdebootstrap 0.3.8 Bootstrap a Debian system
ii coreutils 5.2.1-2.1 The GNU core utilities
ii debianutils 2.14.3 Miscellaneous utilities specific t
ii gcc 4:4.0.1-3 The GNU C compiler
ii wget 1.10.1-1 retrieves files from the web
Versions of packages pbuilder recommends:
ii devscripts 2.9.7 Scripts to make the life of a Debi
ii fakeroot 1.5.1 Gives a fake root environment
ii sudo 1.6.8p9-2 Provide limited super user privile
-- no debconf information
Debian Bug Importer (debzilla) wrote : | #9 |
Message-ID: <87slvqybbx.
Date: Tue, 27 Sep 2005 20:55:14 +0900
From: Junichi Uekawa <email address hidden>
To: Horms <email address hidden>,
<email address hidden>
Subject: Re: Bug#330291: pam's nullok_secure seems to break pbuilder build
Hi,
> I recently noticed that when runing pbuilder build, it fails as
> it calls su internally. I tracked this down to su wanting a password,
> and futher tracked this to pam using nullok_secure, wheras nullok works,
> I guess we aren't coming from a secure tty.
I don't seem to be able to reproduce this particular problem;
what's causing this?
Hmmm:
http://
So, /etc/securetty somewhere (possibly inside the chroot)
is not what pam wants.
I have one problem in that pbuilder will feed it with < /dev/null,
and that's not a tty, according to tty command,
$ tty < /dev/null
not a tty
regards,
junichi
Debian Bug Importer (debzilla) wrote : | #10 |
Message-ID: <87achxz8xx.
Date: Wed, 28 Sep 2005 21:13:46 +0900
From: Junichi Uekawa <email address hidden>
To: Andreas Tille <email address hidden>, <email address hidden>, Horms <email address hidden>,
<email address hidden>, <email address hidden>
Cc: Debian Developers <email address hidden>
Subject: Re: Authentication problem with pbuilder
Hi,
> Extracting source
> Password: su: Authentication failure
> Sorry.
> pbuilder: Failed extracting the source
> -> Aborting with an error
> -> unmounting dev/pts filesystem
> ...
>
>
> I guess I have to set a further sudo permission here but for what program?
> It is 'sudo su' ? I would not really like this even if it is convinient.
>
I've tracked the problem down to the fact that
/etc/pam.d/su no longer exists with a clean install
since around yesterday.
Upgraded systems continue to work since /etc/pam.d/su
already exists.
Without /etc/pam.d/su, root running su will be asked
for a password.
I'm suspecting either of
login 1:4.0.12-2 -> 1:4.0.12-3
pam 0.76-23->0.79-1
regards,
junichi
Debian Bug Importer (debzilla) wrote : | #11 |
Message-Id: <Pine.LNX.
Date: Wed, 28 Sep 2005 14:31:24 +0200 (CEST)
From: Andreas Tille <email address hidden>
To: Junichi Uekawa <email address hidden>
cc: <email address hidden>, Horms <email address hidden>,
<email address hidden>, <email address hidden>,
Debian Developers <email address hidden>
Subject: Re: Authentication problem with pbuilder
On Wed, 28 Sep 2005, Junichi Uekawa wrote:
> I've tracked the problem down to the fact that
> /etc/pam.d/su no longer exists with a clean install
> since around yesterday.
> Upgraded systems continue to work since /etc/pam.d/su
> already exists.
Nice that you found an issue. On the other hand my system was
installed about 10 months ago and I only upgraded. I'm more or
less using an up to date testing system with the exception of some
packages from sid.
> Without /etc/pam.d/su, root running su will be asked
> for a password.
This is not the case. I can su to any user (including root) without
password if I'm logged in as root.
> I'm suspecting either of
>
> login 1:4.0.12-2 -> 1:4.0.12-3
login 4.0.3-35
(without any changes to /etc/pam.d/su)
> pam 0.76-23->0.79-1
Not installed on the system in question.
Kind regards
Andreas.
Debian Bug Importer (debzilla) wrote : | #12 |
Message-ID: <878xxhz7r8.
Date: Wed, 28 Sep 2005 21:39:23 +0900
From: Junichi Uekawa <email address hidden>
To: Junichi Uekawa <email address hidden>,
<email address hidden>
Cc: Andreas Tille <email address hidden>, Horms <email address hidden>, <email address hidden>,
<email address hidden>, Debian Developers <email address hidden>,
<email address hidden>
Subject: Re: Bug#330291: Authentication problem with pbuilder
tags 330291 +patch
reassign 330291 login
severity 330291 serious
thanks
Hi,
> > Extracting source
> > Password: su: Authentication failure
> > Sorry.
> > pbuilder: Failed extracting the source
> > -> Aborting with an error
> > -> unmounting dev/pts filesystem
> > ...
> >
> >
> > I guess I have to set a further sudo permission here but for what program?
> > It is 'sudo su' ? I would not really like this even if it is convinient.
> >
>
> I've tracked the problem down to the fact that
> /etc/pam.d/su no longer exists with a clean install
> since around yesterday.
> Upgraded systems continue to work since /etc/pam.d/su
> already exists.
>
> Without /etc/pam.d/su, root running su will be asked
> for a password.
>
> I'm suspecting either of
>
> login 1:4.0.12-2 -> 1:4.0.12-3
> pam 0.76-23->0.79-1
I've tracked it down to shadow; I think this is the required patch.
diff -urN shadow-
--- shadow-
+++ shadow-
@@ -0,0 +1,45 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo" to
+# to the end of this line if you want to use a group other
+# than the default "root".
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth required pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth required pam_wheel.so deny group=nosu
+
+# This allows root to su without passwords (normal operation)
+auth sufficient pam_rootok.so
+
+# Uncomment and edit /etc/security/
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# This module parses /etc/environment (the standard for setting
+# environ vars) and also allows you to use an extended config
+# file /etc/security/
+# (Replaces the `ENVIRON_FILE' setting from login.defs)
+auth required pam_env.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
+# Sets up user limits, please uncomment and read /etc/security/
+# to enable this functionality.
+# (Replaces the use of /et...
Debian Bug Importer (debzilla) wrote : | #13 |
Message-ID: <871x39z79q.
Date: Wed, 28 Sep 2005 21:49:53 +0900
From: Junichi Uekawa <email address hidden>
To: Junichi Uekawa <email address hidden>,
<email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#330291: Authentication problem with pbuilder
retitle 330291 missing /etc/pam.d/su from login package
thanks
Let us retitle this bugreport, so that is looks more correct.
amicablement,
junichi
--
Junichi Uekawa, Debian Developer http://
183A 70FC 4732 1B87 57A5 CE82 D837 7D4E E81E 55C1
Debian Bug Importer (debzilla) wrote : | #14 |
Message-ID: <email address hidden>
Date: Wed, 28 Sep 2005 15:55:31 +0200
From: Nicolas =?iso-8859-
To: Junichi Uekawa <email address hidden>, <email address hidden>
Subject: Re: Bug#330291: Authentication problem with pbuilder
tags 330291 pending
thanks
Committed.
Thanks for noticying and for the patch.
Kind Regards,
--
Nekral
In Debian Bug tracker #330291, Christian Perrier (bubulle) wrote : Re: [Pkg-shadow-devel] Bug#330291: Authentication problem with pbuilder | #15 |
Quoting Nicolas François (<email address hidden>):
> tags 330291 pending
> thanks
>
> Committed.
> Thanks for noticying and for the patch.
I'm building 4.0.12-4 with Junichi's patch.
/me slams self for bad use of dh_installpam in his attempts to make
debian/rules a little bit less messy..:-|
Thanks, Junichi for the quick fix.
In Debian Bug tracker #330291, Christian Perrier (bubulle) wrote : Bug#330291: fixed in shadow 1:4.0.12-4 | #16 |
Source: shadow
Source-Version: 1:4.0.12-4
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:
login_4.
to pool/main/
passwd_
to pool/main/
shadow_
to pool/main/
shadow_4.0.12-4.dsc
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <email address hidden> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 27 Sep 2005 07:20:44 +0200
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.12-4
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <email address hidden>
Changed-By: Christian Perrier <email address hidden>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 330291 330338 330526
Changes:
shadow (1:4.0.12-4) unstable; urgency=low
.
* The "Epoisses" release
* Debian packaging fixes:
- debian/control:
Add a few more Replaces for broken manpages-xx packages
which provide random man pages for software they don't
provide. Closes: #330526, #330338
* Use dh_installpam correctly so that /etc/pam.d/su really exists
Closes: #330291
* Change section to admin because of the restructuration of the "base"
section by the ftpmasters
Files:
ff35dad7257158
2d2db4c654c0f9
d701e656e0271c
667bced40909e9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDOtUd1OX
rYiAg8v6cJbNt2A
=l0u5
-----END PGP SIGNATURE-----
In Debian Bug tracker #330291, Christian Perrier (bubulle) wrote : Bug#330291: fixed in shadow 1:4.0.12-5 | #17 |
Source: shadow
Source-Version: 1:4.0.12-5
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:
login_4.
to pool/main/
passwd_
to pool/main/
shadow_
to pool/main/
shadow_4.0.12-5.dsc
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <email address hidden> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 28 Sep 2005 19:59:31 +0200
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.12-5
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <email address hidden>
Changed-By: Christian Perrier <email address hidden>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 330291
Changes:
shadow (1:4.0.12-5) unstable; urgency=low
.
* Really add /etc/pam.d/su. Closes: #330291
Files:
65a2fd3c58d770
23e47bafede992
6cd2102b64ce87
03eec6788ef8ec
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDOtrB1OX
C61Fadj/
=HFq+
-----END PGP SIGNATURE-----
Debian Bug Importer (debzilla) wrote : | #18 |
Message-ID: <email address hidden>
Date: Wed, 28 Sep 2005 19:14:52 +0200
From: Christian Perrier <email address hidden>
To: <email address hidden>
Cc: Junichi Uekawa <email address hidden>
Subject: Re: [Pkg-shadow-devel] Bug#330291: Authentication problem with pbuilder
Quoting Nicolas Fran=E7ois (<email address hidden>):
> tags 330291 pending
> thanks
>=20
> Committed.
> Thanks for noticying and for the patch.
I'm building 4.0.12-4 with Junichi's patch.
/me slams self for bad use of dh_installpam in his attempts to make
debian/rules a little bit less messy..:-|
Thanks, Junichi for the quick fix.
Debian Bug Importer (debzilla) wrote : | #19 |
Message-Id: <email address hidden>
Date: Wed, 28 Sep 2005 11:02:26 -0700
From: Christian Perrier <email address hidden>
To: <email address hidden>
Subject: Bug#330291: fixed in shadow 1:4.0.12-4
Source: shadow
Source-Version: 1:4.0.12-4
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:
login_4.
to pool/main/
passwd_
to pool/main/
shadow_
to pool/main/
shadow_4.0.12-4.dsc
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <email address hidden> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 27 Sep 2005 07:20:44 +0200
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.12-4
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <email address hidden>
Changed-By: Christian Perrier <email address hidden>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 330291 330338 330526
Changes:
shadow (1:4.0.12-4) unstable; urgency=low
.
* The "Epoisses" release
* Debian packaging fixes:
- debian/control:
Add a few more Replaces for broken manpages-xx packages
which provide random man pages for software they don't
provide. Closes: #330526, #330338
* Use dh_installpam correctly so that /etc/pam.d/su really exists
Closes: #330291
* Change section to admin because of the restructuration of the "base"
section by the ftpmasters
Files:
ff35dad7257158
2d2db4c654c0f9
d701e656e0271c
667bced40909e9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDOtUd1OX
rYiAg8v6cJbNt2A
=l0u5
-----END PGP SIGNATURE-----
Debian Bug Importer (debzilla) wrote : | #20 |
Message-Id: <email address hidden>
Date: Wed, 28 Sep 2005 11:17:29 -0700
From: Christian Perrier <email address hidden>
To: <email address hidden>
Subject: Bug#330291: fixed in shadow 1:4.0.12-5
Source: shadow
Source-Version: 1:4.0.12-5
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:
login_4.
to pool/main/
passwd_
to pool/main/
shadow_
to pool/main/
shadow_4.0.12-5.dsc
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <email address hidden> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 28 Sep 2005 19:59:31 +0200
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.12-5
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <email address hidden>
Changed-By: Christian Perrier <email address hidden>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 330291
Changes:
shadow (1:4.0.12-5) unstable; urgency=low
.
* Really add /etc/pam.d/su. Closes: #330291
Files:
65a2fd3c58d770
23e47bafede992
6cd2102b64ce87
03eec6788ef8ec
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDOtrB1OX
C61Fadj/
=HFq+
-----END PGP SIGNATURE-----
In Debian Bug tracker #330291, Steve Langasek (vorlon) wrote : Re: Authentication problem with pbuilder | #21 |
On Wed, Sep 28, 2005 at 09:13:46PM +0900, Junichi Uekawa wrote:
> > Extracting source
> > Password: su: Authentication failure
> > Sorry.
> > pbuilder: Failed extracting the source
> > -> Aborting with an error
> > -> unmounting dev/pts filesystem
> > ...
> > I guess I have to set a further sudo permission here but for what program?
> > It is 'sudo su' ? I would not really like this even if it is convinient.
> I've tracked the problem down to the fact that
> /etc/pam.d/su no longer exists with a clean install
> since around yesterday.
> Upgraded systems continue to work since /etc/pam.d/su
> already exists.
> Without /etc/pam.d/su, root running su will be asked
> for a password.
> I'm suspecting either of
> login 1:4.0.12-2 -> 1:4.0.12-3
> pam 0.76-23->0.79-1
Suspect only the first. pam doesn't control any per-application config
files.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://
Debian Bug Importer (debzilla) wrote : | #22 |
Message-ID: <email address hidden>
Date: Wed, 28 Sep 2005 16:00:55 -0700
From: Steve Langasek <email address hidden>
To: Junichi Uekawa <email address hidden>
Cc: Andreas Tille <email address hidden>, <email address hidden>,
Horms <email address hidden>, <email address hidden>, <email address hidden>,
Debian Developers <email address hidden>
Subject: Re: Authentication problem with pbuilder
--2JFBq9zoW8cOFH7v
Content-Type: text/plain; charset=us-ascii
Content-
Content-
On Wed, Sep 28, 2005 at 09:13:46PM +0900, Junichi Uekawa wrote:
> > Extracting source
> > Password: su: Authentication failure
> > Sorry.
> > pbuilder: Failed extracting the source
> > -> Aborting with an error
> > -> unmounting dev/pts filesystem
> > ...
> > I guess I have to set a further sudo permission here but for what progr=
am?
> > It is 'sudo su' ? I would not really like this even if it is convinien=
t.
> I've tracked the problem down to the fact that=20
> /etc/pam.d/su no longer exists with a clean install
> since around yesterday.
> Upgraded systems continue to work since /etc/pam.d/su=20
> already exists.
> Without /etc/pam.d/su, root running su will be asked
> for a password.
> I'm suspecting either of
> login 1:4.0.12-2 -> 1:4.0.12-3
> pam 0.76-23->0.79-1
Suspect only the first. pam doesn't control any per-application config
files.
--=20
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://
--2JFBq9zoW8cOFH7v
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDOyCnKN6
4b5gWhrpi2w9Xe7
=6/es
-----END PGP SIGNATURE-----
--2JFBq9zoW8cOF
Adam Conrad (adconrad) wrote : | #23 |
Already fixed upstream in Debian, never affected us.
Hi,
> I recently noticed that when runing pbuilder build, it fails as
> it calls su internally. I tracked this down to su wanting a password,
> and futher tracked this to pam using nullok_secure, wheras nullok works,
> I guess we aren't coming from a secure tty.
I don't seem to be able to reproduce this particular problem;
what's causing this?
Hmmm: archives. neohapsis. com/archives/ pam-list/ 2005-08/ 0014.html
http://
So, /etc/securetty somewhere (possibly inside the chroot)
is not what pam wants.
I have one problem in that pbuilder will feed it with < /dev/null,
and that's not a tty, according to tty command,
$ tty < /dev/null
not a tty
regards,
junichi