Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1032786: greetd: Authentication error due to _greety user having shell=/usr/sbin/nologin
312 views
Skip to first unread message
Denis M
Mar 11, 2023, 12:40:04 PM3/11/23
to
Package: greetd
Version: 0.9.0-1
Severity: normal
Dear Maintainer,
* What led up to the situation?
I installed greetd using 'apt install greetd' onto the system
with little graphical environment present. I haven't installed
any DE yet, only Xorg.
* What exactly did you do (or not do) that was effective (or
ineffective)?
After installation I rebooted the system and had usual linux
terminal login screen which is probably wrong. (I haven't used
greetd before I don't really know what to expect.)
* What was the outcome of this action?
That's what I've seen in the journald -u greetd:
Mar 11 18:28:38 boy greetd[797]: warning: PAM 'greetd' service missing, falling back to 'login'
Mar 11 18:28:38 boy greetd[798]: pam_unix(login:session): session opened for user _greetd(uid=102) by (uid=0)
Mar 11 18:28:38 boy greetd[806]: pam_unix(login:auth): check pass; user unknown
Mar 11 18:28:38 boy greetd[806]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 11 18:28:42 boy greetd[806]: error: authentication error: pam_authenticate: AUTH_ERR
Mar 11 18:28:42 boy greetd[797]: client loop failed: i/o error: Broken pipe (os error 32)
* What outcome did you expect instead?
Instead I expected to see no errors in the log and have a
functional greeter on startup. I'm still not sure what this
should mean though.
* Potential fix
I searched similar errors on the internet. There are not many pages
about it. But it seems that _greetd user should have
shell=/usr/bin/bash. When I changed its hell this way in
/etc/passwd the error disappeared.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages greetd depends on:
ii adduser 3.131
ii libc6 2.36-8
ii libgcc-s1 12.2.0-14
ii libpam0g 1.5.2-6
greetd recommends no packages.
Versions of packages greetd suggests:
pn wlgreet <none>
-- no debconf information
Best regards,
Denis M.
Version: 0.9.0-1
Severity: normal
Dear Maintainer,
* What led up to the situation?
I installed greetd using 'apt install greetd' onto the system
with little graphical environment present. I haven't installed
any DE yet, only Xorg.
* What exactly did you do (or not do) that was effective (or
ineffective)?
After installation I rebooted the system and had usual linux
terminal login screen which is probably wrong. (I haven't used
greetd before I don't really know what to expect.)
* What was the outcome of this action?
That's what I've seen in the journald -u greetd:
Mar 11 18:28:38 boy greetd[797]: warning: PAM 'greetd' service missing, falling back to 'login'
Mar 11 18:28:38 boy greetd[798]: pam_unix(login:session): session opened for user _greetd(uid=102) by (uid=0)
Mar 11 18:28:38 boy greetd[806]: pam_unix(login:auth): check pass; user unknown
Mar 11 18:28:38 boy greetd[806]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 11 18:28:42 boy greetd[806]: error: authentication error: pam_authenticate: AUTH_ERR
Mar 11 18:28:42 boy greetd[797]: client loop failed: i/o error: Broken pipe (os error 32)
* What outcome did you expect instead?
Instead I expected to see no errors in the log and have a
functional greeter on startup. I'm still not sure what this
should mean though.
* Potential fix
I searched similar errors on the internet. There are not many pages
about it. But it seems that _greetd user should have
shell=/usr/bin/bash. When I changed its hell this way in
/etc/passwd the error disappeared.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages greetd depends on:
ii adduser 3.131
ii libc6 2.36-8
ii libgcc-s1 12.2.0-14
ii libpam0g 1.5.2-6
greetd recommends no packages.
Versions of packages greetd suggests:
pn wlgreet <none>
-- no debconf information
Best regards,
Denis M.
Denis M
Mar 11, 2023, 2:00:04 PM3/11/23
to
Separate issue is this warning
warning: PAM 'greetd' service missing, falling back to 'login'
After looking into the code of greetd I can tell it is triggered by the absence of the file /etc/pam.d/greet. This file is provided by a separate package in arch linux[1], perhaps the debian package should provide a similar file too. However, just copying their file wasn't enough. I get another error:
Mar 11 20:28:34 boy systemd[1]: Started greetd.service - Greeter daemon.
Mar 11 20:28:34 boy greetd[734]: PAM _pam_load_conf_file: unable to open config for /etc/pam.d/system-local-login
Mar 11 20:28:34 boy greetd[734]: PAM _pam_load_conf_file: unable to open config for /etc/pam.d/system-local-login
Mar 11 20:28:34 boy greetd[734]: PAM _pam_load_conf_file: unable to open config for /etc/pam.d/system-local-login
Mar 11 20:28:34 boy greetd[734]: error: authentication error: pam_acct_mgmt: PERM_DENIED
Mar 11 20:28:34 boy greetd[733]: unable to start greeter: session start failed: authentication error: pam_acct_mgmt: PERM_DENIED [1]: https://aur.archlinux.org/cgit/aur.git/tree/greetd.pam?h=greetd
0 new messages