On Monday 17 September 2007, Albert Hopkins wrote:
> On Mon, 2007-09-17 at 21:48 +0200, Etaoin Shrdlu wrote:
> > What does stracing the program show?
>
> As root it does an open("/etc/passwd", O_RDONLY) twice. Both times it
> gets a file handle.
>
> As user, same thing, but it also tries to open /etc/shadow RDONLY and,
> of course, gets a "Permission denied".
|
This is different from what you said before. You said that running as
root or as a user made no difference, and in both cases you were
getting "can't open password file". You never mentioned a "permission
denied" error, which seems correct when running as a regular user.
On my box, running chage as a regular user fails with "permission
denied", but it's not related to /etc/shadow permissions. Instead
(looking at the strace and at the sources), chage checks the real UID of
the user and terminates if it's not 0 and the user requests to change
the info (instead of just listing it with -l). It does not even touch
any file.
So, if you see chage trying to open /etc/shadow when running as a regular
user, something must be broken or wrong. What version of shadow are you
using? Mine is shadow-4.0.18.1-r1.
|
> There is also a
>
> write(2, "chage: PAM authentication failed"..., 33chage: PAM
> authentication failed) = 33
>
> But I've never seen this on my terminal when running w/o strace.
|
What does your /etc/pam.d/chage look like?

Here is mine:

[Mon Sep 17 21:41:13 root@kermit ~]# cat /etc/pam.d/chage
#%PAM-1.0

auth sufficient pam_rootok.so
auth required pam_permit.so

account include system-auth

password required pam_permit.so
--
gentoo-user@g.o mailing list |
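
An added example, not part of the original message and not code from shadow or Linux-PAM: a simplified Python model of how the `auth` lines of the /etc/pam.d/chage quoted above are evaluated for a given real UID. It models only `pam_rootok.so`, `pam_permit.so` and the `sufficient`/`required` control flags; the function names and the embedded copy of the file are constructed for illustration.

```python
# Simplified model of Linux-PAM "auth" stack evaluation (illustration only).
# Constructed copy of the /etc/pam.d/chage quoted in the message.
CHAGE_PAM = """\
#%PAM-1.0

auth sufficient pam_rootok.so
auth required pam_permit.so

account include system-auth

password required pam_permit.so
"""

# Assumed module behaviour: True means PAM_SUCCESS for the caller's real UID.
MODULES = {
    "pam_rootok.so": lambda ruid: ruid == 0,  # succeeds only for real UID 0
    "pam_permit.so": lambda ruid: True,       # always succeeds
}


def parse_stack(text, mgmt_type):
    """Return [(control, module)] for one management type (auth, account, ...)."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # strip comments, incl. #%PAM-1.0
        fields = line.split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2]))
    return stack


def evaluate_auth(text, ruid):
    """Walk the auth stack; return (authenticated, modules_consulted)."""
    succeeded = failed_required = False
    consulted = []
    for control, module in parse_stack(text, "auth"):
        if module not in MODULES or control not in ("sufficient", "required"):
            raise ValueError(f"not modelled: {control} {module}")
        ok = MODULES[module](ruid)
        consulted.append(module)
        if ok and control == "sufficient" and not failed_required:
            return True, consulted            # success ends the stack early
        if control == "required":
            succeeded = succeeded or ok       # a failed "sufficient" is ignored
            failed_required = failed_required or not ok
    return succeeded and not failed_required, consulted
```

With the file as posted, the modelled auth stage succeeds for any real UID: root stops at `pam_rootok.so`, and everyone else falls through to `pam_permit.so`.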