passwd, permission denied
Dan Yefimov
dan at nf15.lightwave.net.ru
Wed Mar 18 15:44:58 UTC 2009
On 18.03.2009 15:28, Marc Weber wrote:
> I'm getting this on my vserver:
>
> [root at nixos:~]# passwd root
> Changing password for root.
> passwd: Permission denied
>
>
> [root at nixos:~]# cat /etc/pam.d/passwd
> auth include common
> account include common
> password include common
> session include common
>
> [root at nixos:~]# cat /etc/pam.d/common
> # auth sufficient /no-such-path/lib/security/pam_ldap.so
> auth sufficient
> /nix/store/22w3l41qxszyisqn09pjad8vc93kwr49-pam_unix2-2.1/lib/security/pam_unix2.so
> debug
> auth required pam_deny.so debug
>
> # account optional /no-such-path/lib/security/pam_ldap.so
> account required
> /nix/store/22w3l41qxszyisqn09pjad8vc93kwr49-pam_unix2-2.1/lib/security/pam_unix2.so
> debug
>
> # password sufficient /no-such-path/lib/security/pam_ldap.so
> password sufficient
> /nix/store/22w3l41qxszyisqn09pjad8vc93kwr49-pam_unix2-2.1/lib/security/pam_unix2.so
> debug
>
> # session optional /no-such-path/lib/security/pam_ldap.so
> session required
> /nix/store/22w3l41qxszyisqn09pjad8vc93kwr49-pam_unix2-2.1/lib/security/pam_unix2.so
> debug
>
> syslog:
> Mar 18 12:26:41 nixos passwd[7919]: pam_unix2(passwd:chauthtok): pam_sm_chauthtok() called
> Mar 18 12:26:41 nixos passwd[7919]: pam_unix2(passwd:chauthtok): username=[root]
> Mar 18 12:26:41 nixos passwd[7919]: User root: Permission denied
>
> strace output looks like this: http://rafb.net/p/7jq2vb43.html
>
The problem is with settings in /etc/login.defs, I think. I've no idea why is it
used. Moreover, your installation looks very unusual, strange to me. For
example, originally spawned passwd execs another, "real" passwd from the
different location, while the latter still uses /etc/login.defs, not login.defs
from the appropriate location. I think, you should invoke passwd from the
context of the virtual server, not from the master context.
--
Sincerely Your, Dan.
More information about the Pam-list
mailing list