[Desktop-packages] [Bug 1281700] Re: policykit-1 is not aware of groups assigned by pam_group
This issue has been giving me a serious headache. I am trying to allow our LDAP users (mainly over 200 staff) to manage their printing services (enable, disable, add printers) without having to call "IT"; currently that is impossible.

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1281700

Title:
  policykit-1 is not aware of groups assigned by pam_group

Status in “policykit-1” package in Ubuntu:
  Confirmed

Bug description:
  I'm using pam_group for my ldap users so that they get assigned default ubuntu groups:

  $ tail -n2 /etc/security/group.conf
  # add LDAP users to these default groups, but don't give them admin rights.
  "*;*;*;Al-2400;audio,video,cdrom,plugdev,fuse"

  These additional group IDs are assigned correctly:

  $ id
  uid=6007(myusername) gid=6000(ldapgroup) groups=6000(ldapgroup),24(cdrom),29(audio),44(video),46(plugdev),104(fuse)

  Based on these additional groups, I'm trying to give certain user groups the necessary permissions to execute a program, using policykit-1.

  Unfortunately, policykit does seem to only 'see' / 'be aware' of the primary group that the user belongs to (and not those additional groups that are assigned via /etc/security/group.conf).

  This works (users can start the program):

  [AllowUsertoDoSomething]
  Identity=unix-group:ldapgroup

  This doesn't work (users are asked to provide the administrator password):

  [AllowUsertoDoSomething]
  Identity=unix-group:plugdev

  I suspect that this has something to do with the fact that 'id' does return conflicting information about groups:

  # call id without username, returns all groups, including the ones defined in /etc/security/group.conf
  $ id
  uid=6007(myusername) gid=6000(ldapgroup) groups=6000(ldapgroup),24(cdrom),29(audio),44(video),46(plugdev),104(fuse)

  # call id with username, only ldap groups are returned, the ones defined in /etc/security/group.conf are missing.
  $ id myusername
  uid=6007(myusername) gid=6000(ldapgroup) groups=6000(ldapgroup)

  My suspicion is that policykit-1 is calling "id user" (or a similar command) and "sees" only the main ldap groups.

  I did not expect this behavior, because /etc/pam.d/polkit-1 does include /etc/pam.d/common-auth (which includes the "auth optional pam_group.so" line).

  This is Ubuntu 12.04.3 with all latest updates. Any help and suggestions are appreciated.

  $ lsb_release -rd
  Description: Ubuntu 12.04.3 LTS
  Release: 12.04

  $ apt-cache policy policykit-1
  policykit-1:
    Installed: 0.104-1ubuntu1.1
    Candidate: 0.104-1ubuntu1.1
  ---
  ApportVersion: 2.0.1-0ubuntu17.4
  Architecture: amd64
  DistroRelease: Ubuntu 12.04
  MarkForUpload: True
  NonfreeKernelModules: nvidia
  Package: policykit-1 0.104-1ubuntu1.1
  PackageArchitecture: amd64
  ProcEnviron:
   LANGUAGE=en_US:en
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcVersionSignature: Ubuntu 3.5.0-41.64~precise1-generic 3.5.7.21
  Tags: precise
  Uname: Linux 3.5.0-41-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1281700/+subscriptions

--
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
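
The difference between the two `id` outputs in the report above, as an added diagnostic (not part of the original message and not policykit code): pam_group adds its groups to the login session's process credentials, while a lookup by account name consults only the group database, so a service that resolves membership by name, as the reporter suspects, never sees them. The sample GIDs are copied from the report; the function names are this example's own.

```python
import os
import pwd

# Constructed sample: the two `id` outputs quoted in the bug report.
GID_NAMES = {6000: "ldapgroup", 24: "cdrom", 29: "audio",
             44: "video", 46: "plugdev", 104: "fuse"}
SESSION_GIDS = {6000, 24, 29, 44, 46, 104}   # plain `id`
DATABASE_GIDS = {6000}                       # `id myusername`


def process_groups():
    """GIDs in this process's credentials, i.e. what plain `id` prints."""
    return set(os.getgroups()) | {os.getegid()}


def database_groups(username):
    """GIDs the account database (NSS) lists for a name, as `id NAME` does."""
    return set(os.getgrouplist(username, pwd.getpwnam(username).pw_gid))


def session_only(process_gids, database_gids):
    """GIDs present only as session credentials, e.g. set by pam_group."""
    return set(process_gids) - set(database_gids)


def identity_matches(identity, gids, names):
    """Would an 'Identity=unix-group:NAME' entry match this set of GIDs?"""
    kind, _, group = identity.partition(":")
    return kind == "unix-group" and group in {names.get(g) for g in gids}


if __name__ == "__main__":
    # Report's data: plugdev matches only when session credentials are used.
    for ident in ("unix-group:ldapgroup", "unix-group:plugdev"):
        print(ident,
              "by-name lookup:", identity_matches(ident, DATABASE_GIDS, GID_NAMES),
              "session creds:", identity_matches(ident, SESSION_GIDS, GID_NAMES))
    # Live check for the current login session.
    me = pwd.getpwuid(os.getuid()).pw_name
    extra = session_only(process_groups(), database_groups(me))
    print("groups held only by this session:", sorted(extra))
```

Run inside an affected user's session, the last line lists the groups that exist only in that session; an authorization rule keyed on one of them depends on how the checking service obtains group membership.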
[Desktop-packages] [Bug 1050243] Re: unable to retype login details on lightdm with userlist disabled
Just want to add that if I type the right username and only make a mistake in typing the password, the lightdm greeter gives an incorrect password message and continues to give this error until the right password is given.

I think this is a serious security flaw. A username should be part of the security of a user, hence it is not ideal for the login manager to give any intruder an idea that the right username has been entered. The normal way is to give a "username or password may be incorrect" error message and then reset the login screen to allow the user to re-enter the login details.

I have added an image to better explain the issue.

** Attachment added: "screenshot"
   https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1050243/+attachment/3311940/+files/IMG_20120913_084825.jpg

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1050243

Title:
  unable to retype login details on lightdm with userlist disabled

Status in “lightdm” package in Ubuntu:
  New

Bug description:
  It's impossible to retype the login details if a mistake is made during login on lightdm with userlist disabled. I noticed this problem on Xubuntu 12.04.

  This bug can be reproduced always. I noticed it while trying to set up a laptop image for my institute. We disabled the userlist for lightdm for security purposes so that users would have to manually type in their username.

  I noticed that if I made a mistake while typing the user credentials (whether in the password or username) the lightdm gives me the username/password incorrect error but it does not provide me the username dialog box so that I can start all over again. What I get instead is a message that asks me to retype the password (which should not be the case because sometimes the mistake was in the username, not the password).

  When this happens the best way to login is either to switch to console mode and restart lightdm, or to reboot the computer completely.

  I think this is a major bug which will affect many people who use Ubuntu (or in my case xubuntu) in enterprise.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: lightdm 1.2.1-0ubuntu1.1
  ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
  Uname: Linux 3.2.0-30-generic i686
  ApportVersion: 2.0.1-0ubuntu12
  Architecture: i386
  Date: Thu Sep 13 08:33:50 2012
  InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423)
  SourcePackage: lightdm
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.lightdm.users.conf: 2012-09-13T08:05:01.783164

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1050243/+subscriptions
[Desktop-packages] [Bug 1050243] [NEW] unable to retype login details on lightdm with userlist disabled
Public bug reported:

It's impossible to retype the login details if a mistake is made during login on lightdm with userlist disabled. I noticed this problem on Xubuntu 12.04.

This bug can be reproduced always. I noticed it while trying to set up a laptop image for my institute. We disabled the userlist for lightdm for security purposes so that users would have to manually type in their username.

I noticed that if I made a mistake while typing the user credentials (whether in the password or username) the lightdm gives me the username/password incorrect error but it does not provide me the username dialog box so that I can start all over again. What I get instead is a message that asks me to retype the password (which should not be the case because sometimes the mistake was in the username, not the password).

When this happens the best way to login is either to switch to console mode and restart lightdm, or to reboot the computer completely.

I think this is a major bug which will affect many people who use Ubuntu (or in my case xubuntu) in enterprise.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lightdm 1.2.1-0ubuntu1.1
ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
Uname: Linux 3.2.0-30-generic i686
ApportVersion: 2.0.1-0ubuntu12
Architecture: i386
Date: Thu Sep 13 08:33:50 2012
InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423)
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.lightdm.users.conf: 2012-09-13T08:05:01.783164

** Affects: lightdm (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: apport-bug i386 precise

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu.