FS#50369 - [kscreenlocker] kcheckpass cannot write to /var/log/faillog because it doesn't have setuid
Attached to Project:
Arch Linux
Opened by Samantha McVey (samcv) - Friday, 12 August 2016, 09:26 GMT
Last edited by Antonio Rojas (arojas) - Friday, 12 August 2016, 14:00 GMT
Opened by Samantha McVey (samcv) - Friday, 12 August 2016, 09:26 GMT
Last edited by Antonio Rojas (arojas) - Friday, 12 August 2016, 14:00 GMT
|
Details
Steps to reproduce:
Start journalctl -f in a terminal. Lock the screen in KDE (Ctrl + Alt + L). Type in an incorrect password. Log in again, and check the journal, you should see: kcheckpass[10589]: pam_tally(kde:auth): Error opening /var/log/faillog for update kcheckpass[10589]: pam_tally(kde:auth): Error opening /var/log/faillog for read kcheckpass[10589]: pam_tally(kde:setcred): Error opening /var/log/faillog for update kcheckpass[10589]: pam_tally(kde:setcred): Error opening /var/log/faillog for update If you do chmod +s /usr/lib/kcheckpass, then the error doesn't show and it works correctly. |
This task depends upon
Closed by Antonio Rojas (arojas)
Friday, 12 August 2016, 14:00 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#42120
Friday, 12 August 2016, 14:00 GMT
Reason for closing: Duplicate
Additional comments about closing:
The applicable configuration file is in /etc/pam.d/system-login
It seems some other distributions have changed from pam_tally to pam_tally2. The man page for pam_tally says it's depreciated so maybe it would be better to use pam_tally2 rather than setuid.
FS#42120