Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 05-20-2020, 04:42 PM   #1
LQ Newbie
Registered: Sep 2012
Posts: 7

Rep: Reputation: Disabled
slackware64-current, post PAM introduction: xscreensaver complaining in log

# cat /var/log/secure
May 20 12:04:59 darkstar xscreensaver: pam_group(xscreensaver:setcred): unable to set the group membership for user: Operation not permitted
May 20 15:07:28 darkstar xscreensaver: pam_group(xscreensaver:setcred): unable to set the group membership for user: Operation not permitted
The above log is abbreviated, but I am seeing this repeated warning. I am using the "blank screen" only screensaver with a screenlock. I googled this and see some others reported the same bug years ago. I don't see the obvious solution, and configuring PAM is not my strong suit, at least, not yet.

Perhaps, the group knows the solution already. I know that PAM integration is very new and there are bound to be glitches.
Old 05-21-2020, 09:21 AM   #2
Registered: Mar 2008
Location: Switzerland
Distribution: Slackware64-current
Posts: 570

Rep: Reputation: 211Reputation: 211Reputation: 211
Just checked and I have lots of these messages too.
Old 05-21-2020, 03:23 PM   #3
Senior Member
Registered: Oct 2005
Location: France
Distribution: Slackware current 64bit
Posts: 1,066
Blog Entries: 5

Rep: Reputation: 270Reputation: 270Reputation: 270
I'm just starting to look into how PAM works. So my analysis could be incorrect.

PAM rules for xscreensaver are:
$cat /etc/pam.d/xscreensaver 
  auth       include      system-auth

/etc/pam.d/system-auth contains an optional rule with module "pam_group" in management group "auth" :
$cat /etc/pam.d/system-auth 
# Authentication #
auth        required
auth        optional
auth        sufficient likeauth nullok
auth        required
auth        optional
As this rule is optional, I think we should not worry about the error message.

One way to avoid this error message is to change the rules in /etc/pam.d/xscreensaver. I copied the rules from /etc/pam.d/cups to /etc/pam.d/xscreensaver and then I could manage to unlock xscreensaver without the logging of the error message. This is how the new screensaver rules look like:
$cat /etc/pam.d/xscreensaver
auth    required shadow nodelay
account required
My current knowledge of PAM is not sufficient enough to confirm whether or not these updated xscreensaver rules are secure.

[EDIT] These rules might be more secure:
$ cat /etc/pam.d/xscreensaver
auth    sufficient shadow nodelay
auth    required
account sufficient
account required

Last edited by gegechris99; 05-21-2020 at 03:33 PM. Reason: Added proposal for more secure rules for xscreensaver


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
/etc/pam.d/system-auth-ac vs. /etc/pam.d/password-auth-ac vs. /etc/pam.d/sshd christr Red Hat 2 08-01-2014 07:08 PM
[SOLVED] Error when compiling Linux-PAM in slackware64-current fakhry Slackware 2 01-02-2012 11:42 AM
Updating from Slackware64-current to Slackware64 13. glore2002 Slackware 4 08-28-2009 06:50 PM
Xscreensaver not using .xscreensaver psychobyte Fedora 4 04-07-2006 10:02 AM
xscreensaver installed, but no xscreensaver-demo command? dalesan Linux - Software 7 09-01-2004 01:06 PM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 08:02 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration