[Bug 686034] New: pam fails if /var/log is on tmpfs
https://bugzilla.novell.com/show_bug.cgi?id=686034 https://bugzilla.novell.com/show_bug.cgi?id=686034#c0 Summary: pam fails if /var/log is on tmpfs Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Major Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: knuckster@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0.0) Gecko/20100101 Firefox/4.0 I tried to mount tmpfs to /var/log (and some other dirs) because it saves some write cycles on my SSD. I did it like this (in fstab): tmpfs /var/log tmpfs defaults 0 0 Today I found out that this breaks PAM somehow. When I try to login through a text console either as root or as a normal user I get "Error in service module" message from pam and get kicked out. Loging into graphical environment works OK. If usual /var/log from the root file system is used everything works OK too. I suspect that this is caused by pam_lastlog module because it seems that the only pam file there is /var/log/lastlog. Reproducible: Always Steps to Reproduce: 1. Mount tmpfs to /var/log 2. Reboot 3. Try to log in through a text console Actual Results: After entering correct user password you get "Error in service module" message and log out immediately. Expected Results: Pam should not fail on tmpfs. And pam_lastlog should be an optional module. I'd prefer not getting weird messages and stay logged in despite all pam_lastlog errors anyway. I'm going to have to assign major severity level because this error actually makes system unusable if it has no graphical environment or X cannot be started. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c
zj jia
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c1
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c2
Thorsten Kukuk
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c3
--- Comment #3 from Max Breev
I assume that you don't create the /var/log/lastlog file new after mounting Of course I don't. Why would I? Do you still need the messages?
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c4
--- Comment #4 from Thorsten Kukuk
I assume that you don't create the /var/log/lastlog file new after mounting Of course I don't. Why would I?
Because it is part of aaa_base and you need to make sure, that all directories/files are created with the correct ownership and permission after you mount a tmpfs based file system on /var/log. How else should the applications work correct? Or do you think the RPMs contain this files for fun?
Do you still need the messages?
Of course. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c5
--- Comment #5 from Max Breev
is part of aaa_base Oh. Sorry, I didn't know that. As it turns out that mounting tmpfs to /var/log one breaks the system directory layout, I assume the experienced problem is a "legal" behavior. Right? Anyway it's still strange to have generated log files as part of a required layout (or placing crucial files to a log directory). Well. okay. If you're going to fix this I'll go get the logs. BRB.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c6
Max Breev
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c7
Thorsten Kukuk
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c8
--- Comment #8 from Thorsten Kukuk
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c9
--- Comment #9 from Max Breev
- how does your /etc/pam.d/login file look like? Will attach next. - What does the error message from pam_lastlog about /var/log/btmp mean in english? No such file or directory. - Do you see the same problem if you don't use apparmor? Err. The checkbox in the yast apparmor control panel is off. So I guess I don't use it :)
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c10
Max Breev
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c11
--- Comment #11 from Max Breev
Could you please try two things?
Create a file /var/log/btmp. Can you login afterwards? Yes. Is the option "showfailed" set for pam_lastlog? If yes, could you try if it works if you remove them? Yes.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=686034
https://bugzilla.novell.com/show_bug.cgi?id=686034#c12
Thorsten Kukuk
participants (1)
-
bugzilla_noreply@novell.com