LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-20-2020, 04:42 PM   #1
ddmayne
LQ Newbie
 
Registered: Sep 2012
Posts: 4

Rep: Reputation: Disabled
slackware64-current, post PAM introduction: xscreensaver complaining in log


Code:
# cat /var/log/secure
May 20 12:04:59 darkstar xscreensaver: pam_group(xscreensaver:setcred): unable to set the group membership for user: Operation not permitted
May 20 15:07:28 darkstar xscreensaver: pam_group(xscreensaver:setcred): unable to set the group membership for user: Operation not permitted
The above log is abbreviated, but I am seeing this repeated warning. I am using the "blank screen" only screensaver with a screenlock. I googled this and see some others reported the same bug years ago. I don't see the obvious solution, and configuring PAM is not my strong suit, at least, not yet.

Perhaps, the group knows the solution already. I know that PAM integration is very new and there are bound to be glitches.
 
Old 05-21-2020, 09:21 AM   #2
3rensho
Member
 
Registered: Mar 2008
Location: Switzerland
Distribution: Slackware64-current
Posts: 398

Rep: Reputation: 85
Just checked and I have lots of these messages too.
 
Old 05-21-2020, 03:23 PM   #3
gegechris99
Member
 
Registered: Oct 2005
Location: France
Distribution: Slackware current 64bit
Posts: 967
Blog Entries: 5

Rep: Reputation: 181Reputation: 181
I'm just starting to look into how PAM works. So my analysis could be incorrect.

PAM rules for xscreensaver are:
Code:
$cat /etc/pam.d/xscreensaver 
#%PAM-1.0
 
  auth       include      system-auth

/etc/pam.d/system-auth contains an optional rule with module "pam_group" in management group "auth" :
Code:
$cat /etc/pam.d/system-auth 
[...]
##################
# Authentication #
##################
#
auth        required      pam_env.so
auth        optional      pam_group.so
auth        sufficient    pam_unix.so likeauth nullok
auth        required      pam_deny.so
auth        optional      pam_gnome_keyring.so
[...]
As this rule is optional, I think we should not worry about the error message.

One way to avoid this error message is to change the rules in /etc/pam.d/xscreensaver. I copied the rules from /etc/pam.d/cups to /etc/pam.d/xscreensaver and then I could manage to unlock xscreensaver without the logging of the error message. This is how the new screensaver rules look like:
Code:
$cat /etc/pam.d/xscreensaver
auth    required        pam_unix.so shadow nodelay
account required        pam_unix.so
My current knowledge of PAM is not sufficient enough to confirm whether or not these updated xscreensaver rules are secure.

[EDIT] These rules might be more secure:
Code:
$ cat /etc/pam.d/xscreensaver
auth    sufficient      pam_unix.so shadow nodelay
auth    required        pam_deny.so
account sufficient      pam_unix.so
account required        pam_deny.so

Last edited by gegechris99; 05-21-2020 at 03:33 PM. Reason: Added proposal for more secure rules for xscreensaver
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
/etc/pam.d/system-auth-ac vs. /etc/pam.d/password-auth-ac vs. /etc/pam.d/sshd christr Red Hat 2 08-01-2014 07:08 PM
[SOLVED] Error when compiling Linux-PAM in slackware64-current fakhry Slackware 2 01-02-2012 11:42 AM
Updating from Slackware64-current to Slackware64 13. glore2002 Slackware 4 08-28-2009 06:50 PM
Xscreensaver not using .xscreensaver psychobyte Fedora 4 04-07-2006 10:02 AM
xscreensaver installed, but no xscreensaver-demo command? dalesan Linux - Software 7 09-01-2004 01:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 02:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration