https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c Jiaying ren changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jren@suse.com AssignedTo|bnc-team-screening@forge.pr |mvyskocil@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c2 --- Comment #2 from Erwin Van de Velde 2012-11-16 08:59:51 UTC --- Created an attachment (id=513411) --> (http://bugzilla.novell.com/attachment.cgi?id=513411) pure-ftpd.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c4 Michal Vyskocil changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |NEEDINFO CC| |mc@suse.com InfoProvider| |mc@suse.com Summary|Pure-ftpd does not allow |Pure-ftpd login gails on |login when started as |pam_loginuid(pure-ftpd:sess |service |ion): set_loginuid --- Comment #4 from Michal Vyskocil 2012-12-18 15:16:55 UTC --- I've the same - the /var/log/messages contains Dec 18 16:06:42 zelva pure-ftpd: (?@10.100.13.12) [INFO] New connection from 10.100.13.12 Dec 18 16:06:42 zelva pure-ftpd: (?@10.100.13.12) [DEBUG] Command [user] [mvyskocil] Dec 18 16:06:44 zelva pure-ftpd: (?@10.100.13.12) [DEBUG] Command [pass] [<*>] Dec 18 16:06:45 zelva pure-ftpd: pam_sss(pure-ftpd:auth): authentication success; logname= uid=0 euid=0 tty=pure-ftpd ruser=mvyskocil rhost= user=mvyskocil Dec 18 16:06:45 zelva pure-ftpd: pam_loginuid(pure-ftpd:session): set_loginuid failed BTW: This seems as a dup of bnc#780724 @mc: why the pam_loginuid fails on systemd-powered systems? I found such issue, but it was on a system with ro /proc, which does not apply to my own. I use standard openSUSE kernel with zgrep AUDIT /proc/config.gz CONFIG_AUDIT_ARCH=y CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y # CONFIG_AUDIT_LOGINUID_IMMUTABLE is not set CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 CONFIG_KVM_MMU_AUDIT=y but audit daemon is not installed on my system. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c6 Erwin Van de Velde changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|mc@suse.com | --- Comment #6 from Erwin Van de Velde 2013-01-08 15:29:21 UTC --- What info is expected further? I do not see what more can be given at this time. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c8 Thorsten Kukuk changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|mc@suse.com | --- Comment #8 from Thorsten Kukuk 2013-01-11 14:14:03 UTC --- (In reply to comment #4)

Dec 18 16:06:45 zelva pure-ftpd: pam_loginuid(pure-ftpd:session): set_loginuid failed

This says everything. pam_loginuid is not allowed to write into /proc/self/loginuid Either the system/kernel is wrong configured or pure-ftpd drops the privilegs in the wrong place, don't know. But this has nothing to do with PAM at all. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c10 Michal Vyskocil changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #10 from Michal Vyskocil 2013-01-21 15:27:10 UTC --- (In reply to comment #8)

(In reply to comment #4)

...

Dec 18 16:06:45 zelva pure-ftpd: pam_loginuid(pure-ftpd:session): set_loginuid failed

This says everything. pam_loginuid is not allowed to write into /proc/self/loginuid

At least /proc is mounted as rw according /proc/pid/mount

Either the system/kernel is wrong configured or pure-ftpd drops the privilegs in the wrong place, don't know. But this has nothing to do with PAM at all.

and capabilities seems to have CAP_AUDIT_WRITE, so I'm not sure why pam_loginuid fails ... Needs some investigation. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c12 --- Comment #12 from denixx baykin 2013-01-22 09:55:42 UTC --- Do you need any help? I have 12.2 and using pure-ftpd installed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c14 Michal Vyskocil changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|maintenance@opensuse.org | Resolution| |FIXED --- Comment #14 from Michal Vyskocil 2013-01-23 08:55:19 UTC --- sent fixed packages factory: 149628 12.2: 149629 12.1: 149630 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c16 --- Comment #16 from Swamp Workflow Management 2013-01-31 16:07:04 UTC --- openSUSE-RU-2013:0221-1: An update that has one recommended fix can now be installed. Category: recommended (low) Bug References: 789833 CVE References: Sources used: openSUSE 12.2 (src): pure-ftpd-1.0.36-3.4.1 openSUSE 12.1 (src): pure-ftpd-1.0.32-5.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=789833 https://bugzilla.novell.com/show_bug.cgi?id=789833#c18 --- Comment #18 from Dion Kant 2014-01-19 13:49:49 UTC --- To give it another try, I used pure-ftpd-1.0.36-8.1.1.src.rpm from openSUSE 12.3 to build pure-ftpd-1.0.36-8.1.1.x86_64.rpm on openSUSE 12.2. Also with this, I run into the same issue with PAMAuthentication: ftp:/etc/pure-ftpd # ftp localhost Trying ::1... ftp: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. 220-Welcome to Pure-FTPd. 220-You are user number 1 of 50 allowed. 220-Local time is now 14:45. Server port: 21. 220-This is a private system - No anonymous login 220 You will be disconnected after 15 minutes of inactivity. Name (localhost:root): dion 331 User dion OK. Password required Password: 230-This server supports FXP transfers 230 OK. Current restricted directory is / 421 Service not available, remote server has closed connection. ftp: No control connection for command. ftp: No control connection for command. ftp> It is ok with UnixAuthentication: ftp:/etc/pure-ftpd # ftp localhost Trying ::1... ftp: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. 220-Welcome to Pure-FTPd. 220-You are user number 2 of 50 allowed. 220-Local time is now 14:47. Server port: 21. 220-This is a private system - No anonymous login 220 You will be disconnected after 15 minutes of inactivity. Name (localhost:root): dion 331 User dion OK. Password required Password: 230-This server supports FXP transfers 230 OK. Current restricted directory is / Remote system type is UNIX. Using binary mode to transfer files. ftp> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.