[Pkg-shadow-devel] Bug#1038861: Bug#1038861: login updates login.defs, adds options that old groupmod doesn't understand

Serge E. Hallyn serge at hallyn.com
Thu Jun 22 14:05:42 BST 2023 

On Thu, Jun 22, 2023 at 08:13:24AM +0200, Marc Haber wrote:
> Package: login
> Version: 1:4.13+dfsg1-1+b1
> Severity: minor
> 
> Hi,
> 
> upgrading from bullseye to bookworm, during the "apt upgrade" step, it
> may happen that login updates login.defs and adds the NONEXISTENT and
> PREVENT_NO_AUTH options to login.defs. However, it is not guaranteed
> that passwd gets upgraded quickly afterwards. Old groupmod, from old
> passwd, doesn't understand the new configuration options and logs
> 
> Jun 22 07:38:41 emptybullseye99 groupmod[6828]: unknown configuration item `NONEXISTENT'
> Jun 22 07:38:41 emptybullseye99 groupmod[6828]: unknown configuration item `PREVENT_NO_AUTH'
> 
> Those messages also end up on the console, unfortunately without a
> prefix indicating which program caused the message. It just says
> "configuration error - unknown item NONEXISTENT". If groupmod didn't log to
> syslog as well, I would still be searching.

That does seem annoying, I don't really see any reason for those error
messages.

I filed https://github.com/shadow-maint/shadow/issues/746 about this.

> This shows, for example, when openssh-client tries to rename its ssh
> group to _ssh in postinst between the updates of login and passwd. I
> have also seen this when upgrading udev from bullseye to bookworm as it
> tries to create the new sgx group.
> 
> Functionality is not affected, the operation succeeds, but there is a
> confusing error message on the console.
> 
> Maybe it would be a good idea to have a versioned dependency between
> login and passwd, preventing the case of an old binary not fully
> understanding a new configuration file.
> 
> Greetings
> Marc
> 
> 
> -- System Information:
> Debian Release: 11.7
>   APT prefers stable-security
>   APT policy: (500, 'stable-security'), (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 6.3.7-zgsrv20080 (SMP w/4 CPU threads; PREEMPT)
> Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages login depends on:
> ii  libaudit1       1:3.0-2
> ii  libc6           2.36-9
> ii  libcrypt1       1:4.4.18-4
> ii  libpam-modules  1.4.0-9+deb11u1
> ii  libpam-runtime  1.4.0-9+deb11u1
> ii  libpam0g        1.4.0-9+deb11u1
> 
> login recommends no packages.
> 
> login suggests no packages.
> 
> -- Configuration Files:
> /etc/pam.d/login changed [not included]
> 
> -- no debconf information
> 
> _______________________________________________
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

More information about the Pkg-shadow-devel mailing list