Bug#407497: [Pkg-shadow-devel] Bug#407497: passwd: chsh, chfn prompt root for the password (breaking .postinst scripts)

Christian Perrier bubulle at debian.org
Fri Jan 19 07:03:08 CET 2007

tags 407497 unreproducible

Quoting Jan Braun (janbraun at gmx.net):
> Package: passwd
> Version: 1:
> Severity: normal
> Hi,
> I had upgrades of logcheck and sash fail because they use chfn and chsh
> (respectively) in their postinst script, and these ask for a password
> even when invoked by root.
> This causes a hang since the postinst script doesn't seem to be in
> control of the terminal, and I can't enter anything at all; the only
> way out is killing chsh/chfn from another console. But even without
> that, I'd probably confused by a Password: prompt expecting a root
> password in the middle of a "sudo aptitude upgrade" run.

Could you send your /etc/pam.d/chsh and /etc/pam.d/chfn files?

It's pretty likely that you're missing the following in these:

# This allows root to change user shell without being
# prompted for a password
auth            sufficient      pam_rootok.so

On my system, using the default provided PAM config files:

root at mykerinos:~> chsh --shell /bin/sh spongebob
root at mykerinos:~>  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20070119/a5f5588f/attachment.pgp

More information about the Pkg-shadow-devel mailing list