Bug#804322: should @include common-session-noninteractive instead
Marco d'Itri
md at linux.it
Mon Sep 19 13:19:15 UTC 2016
On Sep 19, Hilmar Preuße <hille42 at web.de> wrote:
> > Proftpd should use the common-session-noninteractive PAM configuration
> > fragment, which does not call pam_systemd:
> >
> > /etc/pam.d/proftpd:
> > - at include common-session-noninteractive
> > + at include common-session
> >
> Currently:
>
> hille at sid:~ $ less -X /etc/pam.d/proftpd
> #%PAM-1.0
> auth required pam_listfile.so item=user sense=deny
> file=/etc/ftpusers onerr=succeed
> @include common-auth
>
> # This is disabled because anonymous logins will fail otherwise,
> # unless you give the 'ftp' user a valid shell, or /bin/false and add
> # /bin/false to /etc/shells.
> #auth required pam_shells.so
>
> @include common-account
> @include common-session
> <snip>
>
> If I understand correctly it is exactly as you requested.
Sorry, my patch was reversed: what we need is "@include
common-session-noninteractive" or else systemd will open a new user
session (with the related daemons) for every FTP login.
> Further on my system (I never touched pam) /etc/pam.d/common-session &
> /etc/pam.d/common-session-noninteractive differ just in the included
> comments. Just /usr/share/pam/common-session-noninteractive &
> /usr/share/pam/common-session differ.
Looks like your systems is old? In unstable common-session has an extra
line for pam_systemd.so.
--
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-proftpd-maintainers/attachments/20160919/0d901e6f/attachment.sig>
More information about the Pkg-proftpd-maintainers
mailing list