It works: # witness the original bug while running `sudo -i` in another session: sdeziel@xeon:~$ tail -f /var/log/auth.log | grep pam Sep 28 16:56:52 xeon sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Sep 28 16:56:53 xeon sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
# install from -proposed: root@xeon:~# apt-get install libpam0g libpam-runtime libpam-modules-bin libpam-modules Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: libpam-doc (1.3.1-5ubuntu4.3) Recommended packages: update-motd (3.6-0ubuntu6.1) The following packages will be upgraded: libpam-modules (1.3.1-5ubuntu4.2 => 1.3.1-5ubuntu4.3) libpam-modules-bin (1.3.1-5ubuntu4.2 => 1.3.1-5ubuntu4.3) libpam-runtime (1.3.1-5ubuntu4.2 => 1.3.1-5ubuntu4.3) libpam0g (1.3.1-5ubuntu4.2 => 1.3.1-5ubuntu4.3) 4 upgraded, 0 newly installed, 0 to remove and 3 not upgraded. Need to get 394 kB of archives. After this operation, 0 B of additional disk space will be used. Get:1 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 libpam0g amd64 1.3.1-5ubuntu4.3 [55.4 kB] Get:2 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 libpam-modules-bin amd64 1.3.1-5ubuntu4.3 [41.2 kB] Get:3 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 libpam-modules amd64 1.3.1-5ubuntu4.3 [260 kB] Get:4 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 libpam-runtime all 1.3.1-5ubuntu4.3 [37.3 kB] Fetched 394 kB in 1s (477 kB/s) Preconfiguring packages ... (Reading database ... 53805 files and directories currently installed.) Preparing to unpack .../libpam0g_1.3.1-5ubuntu4.3_amd64.deb ... Unpacking libpam0g:amd64 (1.3.1-5ubuntu4.3) over (1.3.1-5ubuntu4.2) ... Setting up libpam0g:amd64 (1.3.1-5ubuntu4.3) ... (Reading database ... 53805 files and directories currently installed.) Preparing to unpack .../libpam-modules-bin_1.3.1-5ubuntu4.3_amd64.deb ... Unpacking libpam-modules-bin (1.3.1-5ubuntu4.3) over (1.3.1-5ubuntu4.2) ... Setting up libpam-modules-bin (1.3.1-5ubuntu4.3) ... (Reading database ... 53805 files and directories currently installed.) Preparing to unpack .../libpam-modules_1.3.1-5ubuntu4.3_amd64.deb ... Unpacking libpam-modules:amd64 (1.3.1-5ubuntu4.3) over (1.3.1-5ubuntu4.2) ... Setting up libpam-modules:amd64 (1.3.1-5ubuntu4.3) ... (Reading database ... 53805 files and directories currently installed.) Preparing to unpack .../libpam-runtime_1.3.1-5ubuntu4.3_all.deb ... Unpacking libpam-runtime (1.3.1-5ubuntu4.3) over (1.3.1-5ubuntu4.2) ... Setting up libpam-runtime (1.3.1-5ubuntu4.3) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for libc-bin (2.31-0ubuntu9.3) ... ... # confirm the fix by opening another session with `sudo -i`: sdeziel@xeon:~$ tail -f /var/log/auth.log | grep pam Sep 28 18:28:51 xeon sudo: pam_unix(sudo:session): session opened for user root by (uid=0) ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1860826 Title: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Status in pam package in Ubuntu: Fix Released Status in pam source package in Focal: Fix Committed Status in pam source package in Groovy: Won't Fix Status in pam package in Debian: Fix Released Bug description: [Impact] Removal of the /etc/securetty file from the system results in useless log messages whenever pam_unix is invoked, which for some systems is quite a lot of logging. /etc/securetty is not coming back, and this is not an error. [Test Plan] 1. Run 'sudo -s'. Confirm that 'journalctl | grep sudo.*securetty' returns a line 'sudo[...]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory'. 2. Install libpam-modules update from -proposed. 3. Confirm that 'grep nullok_secure' /etc/pam.d/common-auth returns no lines. 4. Run 'sudo -k'. 5. Run 'sudo -s' again. 6. Confirm that sudo succeeds and gives you a root shell. 7. Confirm that 'journalctl | grep sudo.*securetty' does not show any new lines. [Where problems could occur] PAM is a sensitive package because it's used in all authentication operations on the system. A bug here could render a user unable to log in to their system. Risks are mitigated by: - including a patch that treats the obsolete 'nullok_secure' as an alias for 'nullok' to ensure any user-edited configurations continue to work rather than throwing errors about unknown options - editing the system-managed /etc/pam.d/common-auth config to use 'nullok' instead of 'nullok_secure' for future compatibility. Because we are editing the system config, this could also cause issues on future upgrades with undesirable prompts to the user. However, the maintainer scripts are not meant to prompt on changes to the pam- config, and this code has been in Debian for a while with no reports of problems. [Original description] Hello, after upgrading to focal I found the following in my journalctl output: Jan 24 23:07:00 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jan 24 23:07:01 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory The login package stopped packaging this file: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731656 and now forcibly removes the file: https://paste.ubuntu.com/p/myh9cGWrHD/ However, the pam package's pam_unix.so module has not yet been adapted to ignore this file: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25 Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libpam-modules 1.3.1-5ubuntu4 ProcVersionSignature: Ubuntu 5.4.0-9.12-generic 5.4.3 Uname: Linux 5.4.0-9-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu15 Architecture: amd64 Date: Fri Jan 24 23:35:33 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: pam UpgradeStatus: Upgraded to focal on 2020-01-24 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1860826/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
