[Pkg-shadow-devel] Bug#628671: passwd: Ordinary users can't change their passwords.
Peter Chubb
peter.chubb at nicta.com.au
Tue May 31 08:50:45 UTC 2011
Package: passwd
Version: 1:4.1.4.2+svn3283-2+squeeze1
Severity: normal
I'm running a server that has most users authenticate via LDAP and SSL, but
has a few local users with entries in /etc/shadow and /etc/passwd.
Thesse local users cannot change their passwords. They see a message about Authentication token manipulation error
Running strace shows that passwd drops privilege and then cannot gain it again.
Strace output:
open(/etc/ldap/keys/cacert.pem", O_RDONLY) = 5
.....
mmap(NULL, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4fdf5c000
getuid() = 8299
mlock(0x7fb4fdf5c000, 32768) = 0
geteuid() = 0
setuid(8299) = 0
getuid() = 8299
geteuid() = 8299
setuid(0) = -1 EPERM (Operation not permitted)
....
open("/etc/.pwd.lock", O_WRONLY|O_CREAT|O_CLOEXEC, 0600) = -1 EACCES (Permission
denied)
/etc/pam.d/common-passwd contains just these two lines:
password required pam_unix.so nullok obscure sha512
password sufficient pam_ldap.so
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages passwd depends on:
ii debianutils 3.4.4 Miscellaneous utilities specific t
ii libc6 2.13-2 Embedded GNU C Library: Shared lib
ii libpam-modules 1.1.2-3 Pluggable Authentication Modules f
ii libpam0g 1.1.2-3 Pluggable Authentication Modules l
ii libselinux1 2.0.98-1+b1 SELinux runtime shared libraries
passwd recommends no packages.
passwd suggests no packages.
-- no debconf information
More information about the Pkg-shadow-devel
mailing list