
Lenny upgrade -- kcheckpass behavior change



  I've just completed the "lenny" upgrade on my main
box at home, and ran into an interesting glitch.

  The initial symptom was, I couldn't unlock the screen
from the screensaver.  The logs complained about "user not found",
but id <user> showed it, PAM config looked OK, /etc/nsswitch.conf
was fine, and /etc/passwd and /etc/shadow hadn't changed.
  Other log entries showed the complaint was coming from 
kcheckpass, and indeed, interactive use showed that it was 
failing, even with the correct password. Running "strace"
on this showed it was getting "permission denied" trying to 
read /etc/shadow.

  On this system, I had set /etc/shadow to be permission 400,
as recommended in a system hardening guide (don't recall now 
which one), and then more or less forgotten about it.

  Evidently the behavior of kcheckpass has changed; it must
run as group "shadow" now, and not as user root.  Opening up 
permissions on /etc/shadow (I changed it to 440) fixed it.

					-- A.
-- 
Andrew Reid / reidac@bellatlantic.net
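
The permission logic behind the failure described in this message, as an added example that is not part of the original post: it works out which read bit of the shadow file applies to a setuid or setgid password helper. The function names are hypothetical, the helper path is passed as an argument because the post does not give one, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: which permission class lets a password-checking helper
# read the shadow file? Pure functions take the values as arguments so
# they can be checked on constructed input; audit() reads real files.

# has_bit MODE MASK: succeeds if octal MODE has any bit of octal MASK set.
has_bit() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# helper_access FILE_MODE FILE_OWNER FILE_GROUP HELPER_MODE HELPER_OWNER HELPER_GROUP
# Prints root, owner, group, other or denied.
# Supplementary groups of the invoking user are ignored (assumption: the
# caller is an ordinary desktop user who is not in the file's group).
helper_access() {
    euid=caller; egid=caller
    if has_bit "$4" 4000; then euid=$5; fi   # setuid: runs as helper's owner
    if has_bit "$4" 2000; then egid=$6; fi   # setgid: runs as helper's group
    if [ "$euid" = root ]; then
        echo root                            # root is not limited by mode bits
    elif [ "$euid" = "$2" ]; then            # owner match: only owner bits apply
        if has_bit "$1" 400; then echo owner; else echo denied; fi
    elif [ "$egid" = "$3" ]; then            # group match: only group bits apply
        if has_bit "$1" 40; then echo group; else echo denied; fi
    elif has_bit "$1" 4; then
        echo other                           # world-readable shadow file
    else
        echo denied
    fi
}

# audit SHADOW_FILE HELPER_PATH: apply helper_access to files on disk.
audit() {
    f=$(stat -c '%a %U %G' "$1") || return 2
    h=$(stat -c '%a %U %G' "$2") || return 2
    # Word splitting of $f and $h into three fields each is intended.
    echo "$2 -> $1: $(helper_access $f $h)"
}

# Usage: sh script.sh /etc/shadow /path/to/kcheckpass
if [ $# -eq 2 ]; then
    audit "$1" "$2"
fi
```

A result of `denied` for a setgid helper corresponds to the mode 400 case in the message, and `group` to the mode 440 case.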