FS#74196 - [kscreenlocker] Cannot unlock session
Attached to Project:
Arch Linux
Opened by Outvi V (outloudvi) - Tuesday, 22 March 2022, 13:47 GMT
Last edited by David Thurstenson (thurstylark) - Friday, 25 March 2022, 23:58 GMT
Opened by Outvi V (outloudvi) - Tuesday, 22 March 2022, 13:47 GMT
Last edited by David Thurstenson (thurstylark) - Friday, 25 March 2022, 23:58 GMT
|
Details
Description:
Cannot unlock from kscreenlocker unless /usr/lib/kcheckpass is SUID-ed or /etc/shadow is readable by all (e.g. 644). It started to happen since I "fixed" the permission of /etc/shadow (it seems that it should be 600 on a clear Arch Linux). Troubleshooting: 1. Tried sudo. sudo worked as normal. 2. Tried to reboot and login. Login worked while kscreenlocker did not. 3. Tried to bypass PAM by editing /etc/pam.d/system-auth, the bypass succeeded. 4. Tried to re-build kcheckpass and print the password I inputed. I printed the buf from [1], and it was exactly my password. Additional info: * package version(s) * kscreenlocker 5.24.3-1 * pam 1.5.2-1 * pambase 20211210-1 Steps to reproduce: 1. Confirm that /etc/shadow is at 600 and /usr/lib/kcheckpass is 755 (without SUID) 2. Lock the screen with kscreenlocker 3. Try to unlock the screen Notes: 1. https://github.com/KDE/kscreenlocker/blob/9d3a95f5f760de2e25e411ee7c1df8f9cf41f5db/kcheckpass/kcheckpass.c#L161 |
This task depends upon
Closed by David Thurstenson (thurstylark)
Friday, 25 March 2022, 23:58 GMT
Reason for closing: Not a bug
Additional comments about closing: Support request. Redirected to proper channels.
Friday, 25 March 2022, 23:58 GMT
Reason for closing: Not a bug
Additional comments about closing: Support request. Redirected to proper channels.
```
kcheckpass[79339]: pam_systemd_home(kde:auth): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
kcheckpass[79339]: pam_unix(kde:auth): username [USERNAME] obtained
kcheckpass[79339]: pam_unix(kde:auth): authentication failure; logname=USERNAME uid=1000 euid=1000 tty=/dev/pts/1 ruser= rhost= user=USERNAME
```
This looks like a local issue more suitable for the support channels, I doubt there is anything that needs fixing in our packages.
I would also agree that it seems to be a local issue - given that there is not huge changes over klockscreen, the problem should have been reported much earlier if it's distro-wide. I believe there shall be many users using the KDE screenlocker. I would do some more researches on my side and ask on this in the support forum. Sorry for the disturbance and thank for your kind help.