You are not logged in.

#1 2017-02-16 20:59:07

jackpot
Member
From: Riyadh, Saudi Arabia
Registered: 2014-08-18
Posts: 86

[Solved] gnome-screensaver and failed rw to /var/log/faillog

Hi,

Want to get rid of this error from my logs:

Feb 16 22:24:51 mypc gnome-screensaver-dialog[2884]: pam_tally(gnome-screensaver:auth): Error opening /var/log/faillog for update
Feb 16 22:24:51 mypc gnome-screensaver-dialog[2884]: pam_tally(gnome-screensaver:auth): Error opening /var/log/faillog for read
Feb 16 22:24:56 mypc gnome-screensaver-dialog[2884]: pam_tally(gnome-screensaver:setcred): Error opening /var/log/faillog for update
Feb 16 22:24:56 mypc gnome-screensaver-dialog[2884]: pam_tally(gnome-screensaver:setcred): Error opening /var/log/faillog for update

It is due to non-root user ID trying to write to fail log and not getting permission to do so. Some posts suggest it is not PAM bug, some chown faillog but then it is OK to let non-root users write to logs? I am lost.

Outputs:
$ cat /etc/pam.d/gnome-screensaver

#%PAM-1.0
auth        substack     system-login
-auth        optional     pam_gnome_keyring.so

$ cat /etc/pam.d/system-login

#%PAM-1.0

auth       required   pam_tally.so         onerr=succeed file=/var/log/faillog
auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   include    system-auth

session    optional   pam_loginuid.so
session    include    system-auth
session    optional   pam_motd.so          motd=/etc/motd
session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
-session   optional   pam_systemd.so
session    required   pam_env.so

What is the best way to deal with this?

Thanks

Last edited by jackpot (2017-06-21 01:44:27)


KDE is all good bloated, try to trim away from K*.apps... whatever it leaves behind equals "Kuck yourself!"
nVidia.... fsck sdy0

Offline

#2 2017-04-23 08:42:19

Talv
Member
Registered: 2017-04-23
Posts: 1

Re: [Solved] gnome-screensaver and failed rw to /var/log/faillog

I know very little about pam, but this is what i gathered:

There was similar issue with i3lock on arch bugtracker. And it was actually solved. [ https://bugs.archlinux.org/task/31544 ]

As of now this is /etc/pam.d/i3lock shippd by arch:

#
# PAM configuration file for the i3lock screen locker. By default, it includes
# the 'system-auth' configuration file (see /etc/pam.d/login)
#

auth include system-auth

Also, If you look into gnome repos [ https://git.gnome.org//browse/gnome-scr … creensaver ], they do quite the same - include system-auth insead of system-login. The former doesn't include pam_tally.so, and this is what i suppose fixes it. But I do not know if it negatively affects security.
There was also another suggestion from @loqs to use pam_tally2 [ https://bbs.archlinux.org/viewtopic.php … 2#p1647024 ]. But I didn't try that one.

Currenty this is my config, which doesn't produce unwated errors.
/etc/pam.d/gnome-screensaver

auth include  system-auth
auth optional pam_gnome_keyring.so

So, perhaps it's a bug in arch repo, as pretty much the same fix was applied for i3lock.

Offline

Board footer

Powered by FluxBB