[Bug 1046959] New: pam_xauth.so is not found for sudo
http://bugzilla.opensuse.org/show_bug.cgi?id=1046959 Bug ID: 1046959 Summary: pam_xauth.so is not found for sudo Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: reply@xmlboard.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- sudo -u build bash sudo: pam_open_session: Permission denied sudo: policy plugin failed session initialization syslog shows: sudo: PAM _pam_load_conf_file: unable to open config for pam_xauth.so strace: strace -f -ttt 2>&1 sudo -u build bash | grep open | grep xauth 1498926080.946499 open("/etc/pam.d/pam_xauth.so", O_RDONLY) = -1 ENOENT (No such file or directory) 1498926080.946524 open("/usr/lib/pam.d/pam_xauth.so", O_RDONLY) = -1 ENOENT (No such file or directory) => pam search for pam_xauth.so in /usr/lib/pam.d and /etc/pam.d/ instead of /lib64/security -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1046959
http://bugzilla.opensuse.org/show_bug.cgi?id=1046959#c2
--- Comment #2 from Gordon Ashley
http://bugzilla.opensuse.org/show_bug.cgi?id=1046959
http://bugzilla.opensuse.org/show_bug.cgi?id=1046959#c3
Josef Möllers
cat /etc/pam.d/sudo
#%PAM-1.0 auth include common-auth account include common-account password include common-password session include common-session session include pam_xauth.so ^^^^^^^ There's the culprit! Change this to "optional".
this file is default after new install. I did not change it.
I'll check where this comes from. It's definitely wrong.
I've created a dummy file:
cat /usr/lib/pam.d/pam_xauth.so
When you change the "include" to "optional", this will be fixed as well:
(location taken from strace log). Now I can sudo -u user and get no error, however X credentials are not forwarded.
I'll need to install 42.3 to see what happened. For the time being the solution is stated above. Josef -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1046959
http://bugzilla.opensuse.org/show_bug.cgi?id=1046959#c4
Josef Möllers
participants (1)
-
bugzilla_noreply@novell.com