Old 06-28-2007, 10:50 AM   #1
not playing nice with gnome-screensaver??

Hello all,

I've configured pam on our new RHEL5 and found out that everything works as expected, except with the gnome-screensaver. I've then configured /etc/pam.d/gnome-screensaver separately to find out why.

Here's the file:

# Fedora Core
#auth        include       system-auth
auth        required
auth        required onerr=succeed
auth        sufficient nullok try_first_pass likeauth
auth        requisite uid >= 500 quiet
auth        required

account    include      system-auth
password   include      system-auth
session    include      system-auth

# SuSE/Novell
#auth       include      common-auth
#account    include      common-account
#password   include      common-password
#session    include      common-session

I've found out that if I have "onerr=fail", as it is in system-auth, it wouldn't work; with onerr=succeed it works. So where does it fail?

/var/log/secure gives the answer:

gnome-screensaver-dialog: pam_tally(gnome-screensaver:account): Error opening /var/log/faillog for update
ll /var/log/faillog
-rw------- 1 root root 3196800 Jun 28 16:42 /var/log/faillog

I don't see anything wrong here; the login programs must have the corresponding suid bit so that they can write to this file. At least ssh logins work on the machine with a regular user.

So, does the login program of the gnome-screensaver-dialog not have the suid bit? Or am I searching on the wrong path?

Any help is welcome.

I did another test which confirmed that it tries to write with my regular user:
chmod 777 /var/log
rm /var/log/faillog
(login through screensaver)
ll /var/log/faillog
-rw------- 1 myuser myuser 25632 Jun 29 08:52 /var/log/faillog

Doing the same but logging in as a regular user through ssh will create the file with root:root as the owner.

Setting the rights on the file to 666 won't help either, because it will trigger another error message, namely "/var/log/faillog is either world writable or not a normal file".

Last edited by ricky_ds; 06-29-2007 at 02:58 AM.
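
Added example (not part of the original post): a shell diagnostic that reports, for whichever user runs it, which of the outcomes described above a tally file would produce, and whether a given binary is setuid root. The function names and the order of the checks are assumptions modeled on the two log messages quoted in the post, not taken from pam_tally's source.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Run it as the user whose session
# the screensaver dialog runs in, then again as root, and compare.

# faillog_status FILE -> prints one of:
#   unsafe        world-writable or not a regular file (refused outright)
#   denied        exists but cannot be opened read/write by this user
#   would-create  missing, parent dir writable: a new file would be owned by this user
#   ok            opens read/write
faillog_status() {
    f=$1
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        dir=$(dirname -- "$f")
        if [ -w "$dir" ] && [ -x "$dir" ]; then echo would-create; else echo denied; fi
        return 0
    fi
    # This script's choice: do not follow symlinks, accept regular files only.
    if [ -L "$f" ] || [ ! -f "$f" ]; then echo unsafe; return 0; fi
    # The 9th character of the ls mode string is the "other write" bit.
    case $(ls -ld -- "$f") in
        ????????w*) echo unsafe; return 0 ;;
    esac
    if [ -r "$f" ] && [ -w "$f" ]; then echo ok; else echo denied; fi
}

# is_setuid_root BIN -> exit status 0 only if BIN has the setuid bit
# and is owned by uid 0 (numeric owner is the 3rd field of `ls -ln`).
is_setuid_root() {
    [ -u "$1" ] || return 1
    owner=$(ls -ldn -- "$1" | awk '{print $3}')
    [ "$owner" = 0 ]
}

# Usage: sh check.sh /var/log/faillog [/path/to/pam-using-binary]
if [ $# -gt 0 ]; then
    echo "uid $(id -u): $1 -> $(faillog_status "$1")"
    if [ -n "${2:-}" ]; then
        if is_setuid_root "$2"; then
            echo "$2: setuid root"
        else
            echo "$2: runs with the invoking user's credentials"
        fi
    fi
fi
```

With a root-owned 0600 tally file, a regular user gets "denied" and root gets "ok"; mode 666 yields "unsafe" for both, matching the second message in the post.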
Old 06-29-2007, 03:11 AM   #2
Original Poster
solved: known bug, workaround: not use pam_tally

Found out here that the thing with the gnome-screensaver and other programs is a known issue.