This bug was fixed in the package pam - 1.3.1-5ubuntu4.3
---------------
pam (1.3.1-5ubuntu4.3) focal; urgency=medium
* Correctly document current VCS in debian/control.
* Drop patches to implement "nullok_secure" option for pam_unix.
Closes: #674857, #936071, LP: #1860826.
* debian/patches-applied/nullok_secure-compat.patch: Support
nullok_secure as a deprecated alias for nullok.
* debian/pam-configs/unix: use nullok, not nullok_secure.
* extrausers.patch: update for compatibility with the removal of
nullok_secure.
-- Steve Langasek <steve.langa...@ubuntu.com> Thu, 16 Sep 2021
23:14:49 -0700
** Changed in: pam (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1860826
Title:
pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or
directory
Status in pam package in Ubuntu:
Fix Released
Status in pam source package in Focal:
Fix Released
Status in pam source package in Groovy:
Won't Fix
Status in pam package in Debian:
Fix Released
Bug description:
[Impact]
Removal of the /etc/securetty file from the system results in useless log
messages whenever pam_unix is invoked, which for some systems is quite a lot of
logging. /etc/securetty is not coming back, and this is not an error.
[Test Plan]
1. Run 'sudo -s'. Confirm that 'journalctl | grep sudo.*securetty' returns a
line 'sudo[...]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such
file or directory'.
2. Install libpam-modules update from -proposed.
3. Confirm that 'grep nullok_secure' /etc/pam.d/common-auth returns no lines.
4. Run 'sudo -k'.
5. Run 'sudo -s' again.
6. Confirm that sudo succeeds and gives you a root shell.
7. Confirm that 'journalctl | grep sudo.*securetty' does not show any new
lines.
[Where problems could occur]
PAM is a sensitive package because it's used in all authentication operations
on the system. A bug here could render a user unable to log in to their system.
Risks are mitigated by:
- including a patch that treats the obsolete 'nullok_secure' as an alias for
'nullok' to ensure any user-edited configurations continue to work rather than
throwing errors about unknown options
- editing the system-managed /etc/pam.d/common-auth config to use 'nullok'
instead of 'nullok_secure' for future compatibility.
Because we are editing the system config, this could also cause issues
on future upgrades with undesirable prompts to the user. However, the
maintainer scripts are not meant to prompt on changes to the pam-
config, and this code has been in Debian for a while with no reports
of problems.
[Original description]
Hello, after upgrading to focal I found the following in my journalctl output:
Jan 24 23:07:00 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open
/etc/securetty: No such file or directory
Jan 24 23:07:01 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open
/etc/securetty: No such file or directory
The login package stopped packaging this file:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731656
and now forcibly removes the file:
https://paste.ubuntu.com/p/myh9cGWrHD/
However, the pam package's pam_unix.so module has not yet been adapted to
ignore this file:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25
Thanks
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libpam-modules 1.3.1-5ubuntu4
ProcVersionSignature: Ubuntu 5.4.0-9.12-generic 5.4.3
Uname: Linux 5.4.0-9-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu15
Architecture: amd64
Date: Fri Jan 24 23:35:33 2020
ProcEnviron:
TERM=rxvt-unicode-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: pam
UpgradeStatus: Upgraded to focal on 2020-01-24 (0 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1860826/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
