** Bug watch removed: Debian Bug tracker #931899 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931899
** Bug watch removed: Debian Bug tracker #674857 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857 ** Changed in: pam (Ubuntu Focal) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1860826 Title: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Status in pam package in Ubuntu: Fix Released Status in pam source package in Focal: Fix Committed Status in pam source package in Groovy: Won't Fix Status in pam package in Debian: Fix Released Bug description: [Impact] Removal of the /etc/securetty file from the system results in useless log messages whenever pam_unix is invoked, which for some systems is quite a lot of logging. /etc/securetty is not coming back, and this is not an error. [Test Plan] 1. Run 'sudo -s'. Confirm that 'journalctl | grep sudo.*securetty' returns a line 'sudo[...]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory'. 2. Install libpam-modules update from -proposed. 3. Confirm that 'grep nullok_secure' /etc/pam.d/common-auth returns no lines. 4. Run 'sudo -k'. 5. Run 'sudo -s' again. 6. Confirm that sudo succeeds and gives you a root shell. 7. Confirm that 'journalctl | grep sudo.*securetty' does not show any new lines. [Where problems could occur] PAM is a sensitive package because it's used in all authentication operations on the system. A bug here could render a user unable to log in to their system. Risks are mitigated by: - including a patch that treats the obsolete 'nullok_secure' as an alias for 'nullok' to ensure any user-edited configurations continue to work rather than throwing errors about unknown options - editing the system-managed /etc/pam.d/common-auth config to use 'nullok' instead of 'nullok_secure' for future compatibility. Because we are editing the system config, this could also cause issues on future upgrades with undesirable prompts to the user. However, the maintainer scripts are not meant to prompt on changes to the pam- config, and this code has been in Debian for a while with no reports of problems. [Original description] Hello, after upgrading to focal I found the following in my journalctl output: Jan 24 23:07:00 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jan 24 23:07:01 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory The login package stopped packaging this file: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731656 and now forcibly removes the file: https://paste.ubuntu.com/p/myh9cGWrHD/ However, the pam package's pam_unix.so module has not yet been adapted to ignore this file: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25 Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libpam-modules 1.3.1-5ubuntu4 ProcVersionSignature: Ubuntu 5.4.0-9.12-generic 5.4.3 Uname: Linux 5.4.0-9-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu15 Architecture: amd64 Date: Fri Jan 24 23:35:33 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: pam UpgradeStatus: Upgraded to focal on 2020-01-24 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1860826/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
