| 1 |
On Monday 17 September 2007, Albert Hopkins wrote: |
| 2 |
> On Mon, 2007-09-17 at 21:48 +0200, Etaoin Shrdlu wrote: |
| 3 |
> > What does stracing the program show? |
| 4 |
> |
| 5 |
> As root it does an open("/etc/passwd", O_RDONLY) twice. Both times it |
| 6 |
> gets a file handle. |
| 7 |
> |
| 8 |
> As user, same thing, but it also tries to open /etc/shadow RDONLY and, |
| 9 |
> of course, gets a "Permission denied". |
| 10 |
|
| 11 |
This is different from what you said before. You said that running as |
| 12 |
root or as an user made no difference, and in both cases you were |
| 13 |
getting "can't open password file". You never mentioned a "permission |
| 14 |
denied" error, which seems correct when running as a regular user. |
| 15 |
On my box, running chage as a regular user fails with "permission |
| 16 |
denied", but it's not related to /etc/shadow permissions. Instead |
| 17 |
(looking at the strace and at the sources), chage checks the real UID of |
| 18 |
the user and terminates if it's not 0 and the user requests to change |
| 19 |
the info (instead of just listing it with -l). It does not even touch |
| 20 |
any file. |
| 21 |
So, if you see chage trying to open /etc/shadow when running as a regular |
| 22 |
user, something must be broken or wrong. What version of shadow are you |
| 23 |
using? Mine is shadow-4.0.18.1-r1. |
| 24 |
|
| 25 |
> There is also a |
| 26 |
> |
| 27 |
> write(2, "chage: PAM authentication failed"..., 33chage: PAM |
| 28 |
> authentication failed) = 33 |
| 29 |
> |
| 30 |
> But I've never seen this on my terminal when running w/o strace. |
| 31 |
|
| 32 |
How does your /etc/pam.d/chage look like? |
| 33 |
|
| 34 |
Here is mine: |
| 35 |
|
| 36 |
[Mon Sep 17 21:41:13 root@kermit ~]# cat /etc/pam.d/chage |
| 37 |
#%PAM-1.0 |
| 38 |
|
| 39 |
auth sufficient pam_rootok.so |
| 40 |
auth required pam_permit.so |
| 41 |
|
| 42 |
account include system-auth |
| 43 |
|
| 44 |
password required pam_permit.so |
| 45 |
-- |
| 46 |
gentoo-user@g.o mailing list |
Archives