Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Root can login, but not regular users
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
eohrnberger
Apprentice
Apprentice


Joined: 09 Dec 2004
Posts: 193

PostPosted: Thu Apr 30, 2015 2:48 am    Post subject: [SOLVED] Root can login, but not regular users Reply with quote

Installed a stage-3 tarball gentoo following the steps in the handbook. Got it all working and booting - sweet!

Just one thing. Any regular user can't login either via the console or via ssh, or via IMAP.

Been Googling up for hints on this, and added a number of debug lines to the various /etc/pam.d files to try and trace this failure down.

In the system log we have:

Code:

login[9328]: pam_securetty(login:auth): pam_securetty called via pam_sm_authenticate function
login[9328]: pam_tally2(login:auth): unknown option: debug
login[9328]: pam_nologin(login:auth): unknown option: debug
login[9328]: pam_access(login:account): login_access: user=username, from=pts/3, file=/etc/security/access.conf
login[9328]: pam_nologin(login:account): unknown option: debug
login[9328]: pam_tally2(login:account): unknown option: debug
Last login: Wed Apr 29 21:52:25 EDT 2015 on pts/3
login[9328]: pam_unix(login:session): session opened for user username by root(uid=0)
login[9328]: pam_tally2(login:setcred): unknown option: debug
login[9328]: pam_nologin(login:setcred): unknown option: debug
login[9328]: pam_unix(login:session): session closed for user username


We get all the way to MOTD, and then the next thing we see is session closed.

Been scratching head here as to how to proceed with debugging or ideas as to fixes. In previous posts I've noticed the it's often requested that emerge --info is provided.

Code:

emerge --info
Portage 2.2.14 (python 2.7.9-final-0, default/linux/amd64/13.0/desktop, gcc-4.8.4, glibc-2.20-r2, 3.17.8-gentoo-r1 x86_64)
=================================================================
System uname: Linux-3.17.8-gentoo-r1-x86_64-Intel-R-_Pentium-R-_CPU_G3220_@_3.00GHz-with-gentoo-2.2
KiB Mem:     8052764 total,   7183928 free
KiB Swap:    4194300 total,   4194300 free
Timestamp of tree: Mon, 27 Apr 2015 00:45:01 +0000
ld GNU ld (Gentoo 2.24 p1.4) 2.24
distcc 3.1 x86_64-pc-linux-gnu [enabled]
ccache version 3.1.9 [enabled]
app-shells/bash:          4.2_p53
dev-java/java-config:     2.2.0
dev-lang/perl:            5.20.2
dev-lang/python:          2.6.8-r3, 2.7.9-r1, 3.2.5-r6, 3.3.5-r1, 3.4.1
dev-util/ccache:          3.1.9-r4
dev-util/cmake:           2.8.12.2-r1
dev-util/pkgconfig:       0.28-r2
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.13.11
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6-r1, 1.12.6, 1.13.4
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.6.4, 4.7.3-r1, 4.8.4
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.6
sys-devel/make:           4.1-r1
sys-kernel/linux-headers: 3.18 (virtual/os-headers)
sys-libs/glibc:           2.20-r2
Repositories: gentoo x-portage
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distcc distcc-pump distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://ftp.jaist.ac.jp/pub/Linux/Gentoo/ rsync://ftp.jaist.ac.jp/pub/Linux/Gentoo/ ftp://ftp.jaist.ac.jp/pub/Linux/Gentoo/ ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo http://mirror.yandex.ru/gentoo-distfiles/"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS=" -j34 -l14"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
USE="X a52 aac acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus dri dts dvd dvdr emboss encode exif fam firefox flac fortran gd gdbm gif glamor gpm gtk2 iconv ipv6 jpeg lcms ldap libnotify mad mmx mmxext mng modules mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf png policykit ppds qt3support qt4 readline sdl session spell sse sse2 ssl startup-notification svg tcpd threads tiff truetype udev udisks unicode upower usb vorbis wxwidgets x264 xcb xml xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON


Along the way, if there are any glaring errors, do please point them out, while I've been running Gentoo for some time, I'll never profess to never being willing to learn better ways of doing things.


Last edited by eohrnberger on Thu Apr 30, 2015 10:40 pm; edited 1 time in total
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7164
Location: almost Mile High in the USA

PostPosted: Thu Apr 30, 2015 4:46 am    Post subject: Reply with quote

It looks like 'debug' is an invalid flag or you stuck it in the wrong place...
You shouldn't need to modify /etc/security/access.conf or anything else in /etc/security; if you did, revert.

It seems that pam did let you regular user in, but then failed... Is your user's default shell working properly? Do you have login scripts that log you back out?
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
eohrnberger
Apprentice
Apprentice


Joined: 09 Dec 2004
Posts: 193

PostPosted: Thu Apr 30, 2015 1:15 pm    Post subject: Reply with quote

eccerr0r wrote:
It looks like 'debug' is an invalid flag or you stuck it in the wrong place...
You shouldn't need to modify /etc/security/access.conf or anything else in /etc/security; if you did, revert.

It seems that pam did let you regular user in, but then failed... Is your user's default shell working properly? Do you have login scripts that log you back out?


The 'debug' added did create a bit more output such as you see in the log I posted, but I probably some in on modules that don't support the argument, and they are whining.

root logs in just fine. I've not made any changes to the user's default profile or login scripts. The same is for the scripts that are in /etc/skel (?), but I can check that. I suppose I could move all the user's homedir login scripts to a temp dir, and the same with everything in /etc/skel.

I think I'll do that when I gt back to the machine.

Interesting thing to note is that when I do a local telnet test to the IMAP port, I get a 'login disable' (?) error message back.

I guess this is the payback I get for always using root and never logging in and using a normal user account. :oops: 'Cause I went back to 2 other machines that I've recently built / updated and have the same symptoms. Weird.

I've also re-emerged pambase, pam, shadow, and in desperation system, all these emerges went smoothly.


Last edited by eohrnberger on Thu Apr 30, 2015 2:30 pm; edited 1 time in total
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7164
Location: almost Mile High in the USA

PostPosted: Thu Apr 30, 2015 2:29 pm    Post subject: Reply with quote

Do you happen to have an /etc/nologin or something to that extent?

Have you etc-update/dispatch-conf recently to make sure your pam config files are up to date?
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
eohrnberger
Apprentice
Apprentice


Joined: 09 Dec 2004
Posts: 193

PostPosted: Thu Apr 30, 2015 2:31 pm    Post subject: Reply with quote

eccerr0r wrote:
Do you happen to have an /etc/nologin or something to that extent?

Have you etc-update/dispatch-conf recently to make sure your pam config files are up to date?


OK. I'll check that when I get back to the machine, and report back, later today.
Back to top
View user's profile Send private message
eohrnberger
Apprentice
Apprentice


Joined: 09 Dec 2004
Posts: 193

PostPosted: Thu Apr 30, 2015 10:40 pm    Post subject: Reply with quote

eccerr0r wrote:
Do you happen to have an /etc/nologin or something to that extent?

No, no /etc/nologin file exists
eccerr0r wrote:
Have you etc-update/dispatch-conf recently to make sure your pam config files are up to date?

etc-update shows no pending updates.

OK. Figured it out.

in /etc/skel/.bashrc the last line is: . ~/.bashrc which is intended to load up the user's ~/.bashrc.

Apparently, during the useradd execution, this skel is copied to the user's home dir, causing a recursive invocation of ~/.bashrc until the shell can't anymore and quits.

Thanks for the pointers!
Back to top
View user's profile Send private message
eohrnberger
Apprentice
Apprentice


Joined: 09 Dec 2004
Posts: 193

PostPosted: Mon May 04, 2015 1:04 pm    Post subject: Reply with quote

Dunno, but it may be a good thing if someone checked the distribution's /etc/skel files to make sure that there's isn't this little surprise hiding in there.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7164
Location: almost Mile High in the USA

PostPosted: Mon May 04, 2015 1:48 pm    Post subject: Reply with quote

I would have imagined that etc-update should pick up on these custom changes and asked you to fix them after massive changes but you'd have to merge something that uses them, probably bash...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
eohrnberger
Apprentice
Apprentice


Joined: 09 Dec 2004
Posts: 193

PostPosted: Mon May 04, 2015 5:16 pm    Post subject: Reply with quote

eccerr0r wrote:
I would have imagined that etc-update should pick up on these custom changes and asked you to fix them after massive changes but you'd have to merge something that uses them, probably bash...


Yeah, I'd imagine so too, but never did, and the thing of it is, I never edited any of the /etc/skel files that I can remember.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum