[Pkg-shadow-devel] Bug#764841: please use pam_exec to display "dynamic" motd

Michael Biebl biebl at debian.org
Sun Oct 12 19:50:14 UTC 2014


On Sun, 12 Oct 2014 08:39:18 +0100 Colin Watson <cjwatson at debian.org> wrote:
> On Sat, Oct 11, 2014 at 05:09:38PM +0200, Romain Francoise wrote:
> > As of systemd 208-7, the motd init script is masked and no longer runs
> > at boot. login was updated to replace its use of /run/motd.dynamic with
> > a pam_exec invocation:
> > 
> > | # Prints the message of the day upon succesful login.
> > | # (Replaces the `MOTD_FILE' option in login.defs)
> > | session    optional   pam_exec.so type=open_session stdout /bin/uname -snrvm
> > | session    optional   pam_motd.so
> > 
> > Please consider doing the same in openssh-server's pam configuration.
> 
> Doesn't the motd stuff do considerably more than just uname?  On my
> Ubuntu system it says:
> 
>   Welcome to Ubuntu Utopic Unicorn (development branch) (GNU/Linux 3.16.0-17-generic x86_64)
>   
>    * Documentation:  https://help.ubuntu.com/
>   
>   485 packages can be updated.
>   0 updates are security updates.
>   
>   *** System restart required ***
> 
> So I think I need to find a way to avoid regressing that.

Since you still keep the pam_motd line, the worst that can happen
afaics, is that on Ubuntu the uname information would be printed twice
(if you don't want to have delta).
Or what kind of regression did you have in mind?

Bringing Steve into the loop here, as PAM maintainer:
Quoting IRC:
<vorlon> mbiebl: I believe we should use /etc/update-motd.d for this,
yes.  In principle I think it's also fine to do this via pam_exec, but
update-motd needs to be externalized as a script first.


As for jessie, I don't know how much effort it would be to switch to the
update-motd mechanism and also update the login package accordingly.

Steve, do you think it's too late to do that for jessie? What would you
suggest?

We did mask the motd init script in systemd after we were told that the
login package was updated to no longer require it and we weren't aware
that there were other users of that motd.dynamic file.

We can certainly revert this change again for jessie, if you think the
uname information for ssh logins is important enough.
That said, if this can be avoided and we find an agreeable solution for
everyone which doesn't involve generating a motd.dynamic file, then I'd
certainly prefer that.


Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
