Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#74196 - [kscreenlocker] Cannot unlock session

Attached to Project: Arch Linux
Opened by Outvi V (outloudvi) - Tuesday, 22 March 2022, 13:47 GMT
Last edited by David Thurstenson (thurstylark) - Friday, 25 March 2022, 23:58 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Cannot unlock from kscreenlocker unless /usr/lib/kcheckpass is SUID-ed or /etc/shadow is readable by all (e.g. 644).

It started to happen since I "fixed" the permission of /etc/shadow (it seems that it should be 600 on a clear Arch Linux).

1. Tried sudo. sudo worked as normal.
2. Tried to reboot and login. Login worked while kscreenlocker did not.
3. Tried to bypass PAM by editing /etc/pam.d/system-auth, the bypass succeeded.
4. Tried to re-build kcheckpass and print the password I inputed. I printed the buf from [1], and it was exactly my password.

Additional info:
* package version(s)
* kscreenlocker 5.24.3-1
* pam 1.5.2-1
* pambase 20211210-1

Steps to reproduce:
1. Confirm that /etc/shadow is at 600 and /usr/lib/kcheckpass is 755 (without SUID)
2. Lock the screen with kscreenlocker
3. Try to unlock the screen

This task depends upon

Closed by  David Thurstenson (thurstylark)
Friday, 25 March 2022, 23:58 GMT
Reason for closing:  Not a bug
Additional comments about closing:  Support request. Redirected to proper channels.
Comment by Antonio Rojas (arojas) - Tuesday, 22 March 2022, 15:56 GMT
Comment by Outvi V (outloudvi) - Tuesday, 22 March 2022, 16:16 GMT
The logs when trying to unlock is as below (also reproduced on my machine with "/usr/lib/kscreenlocker_greet --testing"):

kcheckpass[79339]: pam_systemd_home(kde:auth): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
kcheckpass[79339]: pam_unix(kde:auth): username [USERNAME] obtained
kcheckpass[79339]: pam_unix(kde:auth): authentication failure; logname=USERNAME uid=1000 euid=1000 tty=/dev/pts/1 ruser= rhost= user=USERNAME
Comment by Antonio Rojas (arojas) - Tuesday, 22 March 2022, 20:19 GMT
Please check the output of 'pacman -Qkk plasma-workspace shadow pam pambase plasma-workspace' and make sure no other permissions need fixing.

This looks like a local issue more suitable for the support channels, I doubt there is anything that needs fixing in our packages.
Comment by Outvi V (outloudvi) - Wednesday, 23 March 2022, 03:09 GMT
I've checked, fixed all related permission problems and rebooted, but the problem insists.

I would also agree that it seems to be a local issue - given that there is not huge changes over klockscreen, the problem should have been reported much earlier if it's distro-wide. I believe there shall be many users using the KDE screenlocker. I would do some more researches on my side and ask on this in the support forum. Sorry for the disturbance and thank for your kind help.