Martin Schulze wrote:
> Behan Webster writes:
> > I have xlockmore installed on my system here with shadow turned on.
> > I know it's supposed to work (because other machines on our localnet
> > are configured seemingly exactly the same and xlock works there).
> > griffon:~> ls -l /etc/passwd /etc/shadow /usr/bin/X11/xlock
> > -rw-r--r-- 1 root root 1220 Sep 29 09:32 /etc/passwd
> > -rw-r----- 1 root shadow 797 Oct 2 09:37 /etc/shadow
> > -rwxr-sr-x 1 root shadow 463376 May 31 21:27
> > /usr/bin/X11/xlock*
> > griffon:~> xlock
> > xlock: it looks like you have shadow passwording.
> > Contact your administrator.
> > griffon:~>
> > What's wrong? What am I missing? Am I going insane?
> Try a "shadowconfig off" and then "shadowconfig on" afterwards. Maybe
> the package is slightly confused?
No, shadow was definitely on and functioning fine. It is xlock itself
who can't read the password despite being setgid shadow.
The problem (which I finally figured out) is that the passwords are
being served by nis. I have nis setup to mangle passwords for non
root users, and since xlock doesn't run as root, there is no way for
it to read the password from nis. (nis mangles the password by
returning an "x" for the password field).
The are only 2 ways of fixing the problem as far as I can tell.
1) don't have nis mangle the passwords.
2) set xlock to be setuid root.
I've opted for the second solution.
I've filed a bug report against the xlockmore package stating exactly
the above, but I'm not sure what can be done. Perhaps the postinst
can ask if nis is mangling passords, and if so, do you want xlock
to be setuid root.
Behan Webster mailto:firstname.lastname@example.org
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .
- From: Behan Webster <firstname.lastname@example.org>
- Re: xlock
- From: email@example.com (Martin Schulze)