Re: [gentoo-user] Can't login from terminal?
On Fri, 13 Feb 2009 15:43:49 +0800 Chuanwen Wu wrote: > Hi, here is the root infomation in my /etc/passwd: > root:x:0:0:root:/root:/bin/bash Looks okay, can't see anything wrong in bash configs, too. > I got the login information below from the tail of /var/log/messages: ... I believe this clearly shows that pam shouldn't be the issue, but something that gets launched (and that should be shell) is. I don't know if there are any issues with bash and I rarely use it myself (only as a login shell on debian machines, 'cause they have it on root, installing zsh to usr), but prehaps there are in some bugzilla. Also, I can assume that getty somehow fails to launch /bin/login correctly or /bin/login somehow fails. You can check that getty (agetty, in gentoo), not something else, gets launched from /etc/inittab and recompile it, just in case. Then you can try recompiling the shadow package, since /bin/login, which should launch the shell belongs to it. You can also check if it's possible to make agetty run something else, then /bin/login (should be), and launch 'strace /bin/login' instead, or just run agetty through 'strace -f', which'll show you all the kernel calls it uses and if there are any failures. I've found some obscure mistakes (my mistakes, always) that way, but it might be quite time-consuming. -- Mike Kazantsev // fraggod.net
Re: [gentoo-user] Can't login from terminal?
HI, thanks!
On Fri, Feb 13, 2009 at 3:11 PM, Mike Kazantsev
wrote:
> On Fri, 13 Feb 2009 13:15:12 +0800
> Chuanwen Wu wrote:
>
>> Could you please give more details? How to change it to something
>> default?
>
> Well, that's pretty much the basics...
> Shells for each system user are defined in /etc/passwd, which should be
> edited by 'vipw' command.
>
> What I've meant is the case, when you, or something else changed
> '/etc/passwd', replacing '/bin/bash' with something like
> '/sbin/nologin' or some other path, which is not a valid shell.
Hi, here is the root infomation in my /etc/passwd:
root:x:0:0:root:/root:/bin/bash
>
> Actually, ssh shouldn't work with invalid shell like that as well, but
> one, for example, can add some commands to ".bashrc" which will work
> only in ssh environment (using some env vars, set by ssh, for example).
>
> Then, there might be some ssh-only shell, so I'd suggest to set shell
> to '/bin/sh' (which is actually bash, for gentoo) and disable all the
> configs it's using, like '~/.bashrc' or '/etc/bashrc' (see 'man bash',
> for full list).
In the /root, there is no .bashrc, and in other users' home, the
.bashrc is normal:
/***
$ cat /home/wcw/.bashrc
# /etc/skel/.bashrc
#
# This file is sourced by all *interactive* bash shells on startup,
# including some apparently interactive shells such as scp and rcp
# that can't tolerate any output. So make sure this doesn't display
# anything or bad things will happen !
# Test for an interactive shell. There is no need to set anything
# past this point for scp and rcp, and it's important to refrain from
# outputting anything in those cases.
if [[ $- != *i* ]] ; then
# Shell is non-interactive. Be done now!
return
fi
# Put your fun stuff here.
/*/
> Also, Neil has made a good point that there might be something
> in /etc/profile, which is usually sourced by all bash-like shells.
Here is my /etc/profile, which I think is normal, too:
/*/
# cat /etc/profile
# /etc/profile: login shell setup
#
# That this file is used by any Bourne-shell derivative to setup the
# environment for login shells.
#
# Load environment settings from profile.env, which is created by
# env-update from the files in /etc/env.d
if [ -e /etc/profile.env ] ; then
. /etc/profile.env
fi
# 077 would be more secure, but 022 is generally quite realistic
umask 022
# Set up PATH depending on whether we're root or a normal user.
# There's no real reason to exclude sbin paths from the normal user,
# but it can make tab-completion easier when they aren't in the
# user's PATH to pollute the executable namespace.
#
# It is intentional in the following line to use || instead of -o.
# This way the evaluation can be short-circuited and calling whoami is
# avoided.
if [ "$EUID" = "0" ] || [ "$USER" = "root" ] ; then
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${ROOTPATH}"
else
PATH="/usr/local/bin:/usr/bin:/bin:${PATH}"
fi
export PATH
unset ROOTPATH
# Extract the value of EDITOR
[ -z "$EDITOR" ] && EDITOR="`. /etc/rc.conf 2>/dev/null; echo $EDITOR`"
[ -z "$EDITOR" ] && EDITOR="/bin/nano"
export EDITOR
if [ -n "${BASH_VERSION}" ] ; then
# Newer bash ebuilds include /etc/bash/bashrc which will setup PS1
# including color. We leave out color here because not all
# terminals support it.
if [ -f /etc/bash/bashrc ] ; then
# Bash login shells run only /etc/profile
# Bash non-login shells run only /etc/bash/bashrc
# Since we want to run /etc/bash/bashrc regardless, we source it
# from here. It is unfortunate that there is no way to do
# this *after* the user's .bash_profile runs (without putting
# it in the user's dot-files), but it shouldn't make any
# difference.
. /etc/bash/bashrc
else
PS1='\...@\h \w \$ '
fi
else
# Setup a bland default prompt. Since this prompt should be useable
# on color and non-color terminals, as well as shells that don't
# understand sequences such as \h, don't put anything special in it.
PS1="`whoa...@`uname -n | cut -f1 -d.` \$ "
fi
for sh in /etc/profile.d/*.sh ; do
if [ -r "$sh" ] ; then
. "$sh"
fi
done
unset sh
/*/
>
> Syslog usually uses '/var/log/messages' as a collector for everything
> that is being sent to it, so I'd check that file first. And make sure
> the timestamps there are recent - it should mean that syslog is writing
> to it and is not dead.
I got the login information below from the tail of /var/log/messages:
//
Feb 13 15:47:18 Gentoo-F304-Server login[5735]:
pam_unix(login:se
Re: [gentoo-user] Can't login from terminal?
On Fri, 13 Feb 2009 13:15:12 +0800 Chuanwen Wu wrote: > Could you please give more details? How to change it to something > default? Well, that's pretty much the basics... Shells for each system user are defined in /etc/passwd, which should be edited by 'vipw' command. What I've meant is the case, when you, or something else changed '/etc/passwd', replacing '/bin/bash' with something like '/sbin/nologin' or some other path, which is not a valid shell. Actually, ssh shouldn't work with invalid shell like that as well, but one, for example, can add some commands to ".bashrc" which will work only in ssh environment (using some env vars, set by ssh, for example). Then, there might be some ssh-only shell, so I'd suggest to set shell to '/bin/sh' (which is actually bash, for gentoo) and disable all the configs it's using, like '~/.bashrc' or '/etc/bashrc' (see 'man bash', for full list). Also, Neil has made a good point that there might be something in /etc/profile, which is usually sourced by all bash-like shells. > I have checked the /var/log/faillog, which I'm not sure whether it's > the right log file, and seems it only contain binary data(I read it > from "vi /var/log/faillog"). Syslog usually uses '/var/log/messages' as a collector for everything that is being sent to it, so I'd check that file first. And make sure the timestamps there are recent - it should mean that syslog is writing to it and is not dead. 'dmesg' command is usually a good source for failure messages too, but only on kernel level (when something really nasty happens). There might be some segfaults, produced by your shell, and usually indicate programming or compilation errors. -- Mike Kazantsev // fraggod.net
Re: [gentoo-user] Can't login from terminal?
Hi, thanks! > Looks like the system is unable to launch a shell for some reason, > prehaps you can change it to something default, like /bin/sh, or just > something else if it's bash already. Could you please give more details? How to change it to something default? > > Also, I'd double-check the logs - if something fails, there shoud be a > message about it. Make sure you have syslog daemon running and not > dropping any debug messages. I have checked the /var/log/faillog, which I'm not sure whether it's the right log file, and seems it only contain binary data(I read it from "vi /var/log/faillog"). -- wcw
Re: [gentoo-user] Can't login from terminal?
On Thu, 12 Feb 2009 13:42:03 +0500, Mike Kazantsev wrote: > Looks like the system is unable to launch a shell for some reason, > prehaps you can change it to something default, like /bin/sh, or just > something else if it's bash already. Could it also be something in the bash profile causing the shell to exit? -- Neil Bothwick From the moment I picked your book up until I laid it down I was convulsed with laughter. Someday I intend reading it. signature.asc Description: PGP signature
Re: [gentoo-user] Can't login from terminal?
On Thu, 12 Feb 2009 16:28:35 +0800 Chuanwen Wu wrote: > which file has "mod_access" ? I have it in '/etc/pam.d/system-login', which is included for both local and remote connections, but I could've added it myself. > Now it don't prompt the "Password:" Looks like the system is unable to launch a shell for some reason, prehaps you can change it to something default, like /bin/sh, or just something else if it's bash already. Also, I'd double-check the logs - if something fails, there shoud be a message about it. Make sure you have syslog daemon running and not dropping any debug messages. -- Mike Kazantsev // fraggod.net
Re: [gentoo-user] Can't login from terminal?
Hi, thanks! > If you have pam on your system, then it broken > '/etc/pam.d/system-local-login' might be the cause, as well as > user-specific files there. > And if that's not the case, try commenting out pam modules like > mod_access, which can add additional access restrictions. which file has "mod_access" ? # grep mod_access /etc/* -R grep: /etc/ssl/certs/cacert.org.pem: No such file or directory grep: /etc/ssl/certs/5ed36f99.0: No such file or directory > > Also, you can probably tell if pam is the cause of a problem by > commenting out all the required modules from whole authentication chain > (usually, commenting out everything in system-auth will do) - it should > allow any access w/o password, and it's probably not pam if it > doesn't... can't really think what else it might be, though. I have commented out everything in system-auth, and still can't login, although the result is diff: /*/ This is Gentoo-Server.unknown_domain (Linux i686 2.6.26-gentoo-r1) 12:22:39 Gentoo-Server login: root Last login: Thu Feb 12:09:24 CST 2009 from node07 on pts/0 This is Gentoo-Server.unknown_domain (Linux i686 2.6.26-gentoo-r1) 12:28:36 Gentoo-Server login: /*/ Now it don't prompt the "Password:" -- wcw
Re: [gentoo-user] Can't login from terminal?
On Thu, 12 Feb 2009 12:41:17 +0800 Chuanwen Wu wrote: > My gentoo worked very well in the past two years. But today I found > that I can't login it from the terminal, but ssh login is OK. If you have pam on your system, then it broken '/etc/pam.d/system-local-login' might be the cause, as well as user-specific files there. And if that's not the case, try commenting out pam modules like mod_access, which can add additional access restrictions. Also, you can probably tell if pam is the cause of a problem by commenting out all the required modules from whole authentication chain (usually, commenting out everything in system-auth will do) - it should allow any access w/o password, and it's probably not pam if it doesn't... can't really think what else it might be, though. -- Mike Kazantsev // fraggod.net
Re: [gentoo-user] Can't login from terminal?
Hi, thanks! > man securetty /*/ # cat /etc/securetty # /etc/securetty: list of terminals on which root is allowed to login. # See securetty(5) and login(1). console vc/0 vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 vc/12 tty0 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 tty12 tts/0 ttyS0 /*/ This is my /etc/securetty, I think it's normal. Besides, I can't login as root, neither other user. -- wcw
Re: [gentoo-user] Can't login from terminal?
* Chuanwen Wu (wcw8...@gmail.com) [12.02.09 05:41]: > Hi, > My gentoo worked very well in the past two years. But today I found > that I can't login it from the terminal, but ssh login is OK. > > Have anybody ever encountered this problem? > Any help will be appreciate! > man securetty HTH Sebastian -- " Religion ist das Opium des Volkes. " Karl Marx s...@sti@N GÜNTHER mailto:sam...@guenther-roetgen.de pgp2W3qxh42IZ.pgp Description: PGP signature
[gentoo-user] Can't login from terminal?
Hi, My gentoo worked very well in the past two years. But today I found that I can't login it from the terminal, but ssh login is OK. I have written down the login message: /*/ This is Gentoo-Server.unknown_domain (Linux i686 2.6.26-gentoo-r1) 12:22:39 Gentoo-Server login: root Password: Last login: Thu Feb 12:09:24 CST 2009 from node07 on pts/0 This is Gentoo-Server.unknown_domain (Linux i686 2.6.26-gentoo-r1) 12:28:36 Gentoo-Server login: /*/ "node07" is another machine from which I used ssh to login the "Gentoo-Server" and as what I said above, it succeeded. Have anybody ever encountered this problem? Any help will be appreciate! -- wcw
