You are not logged in.
Hi,
Want to get rid of this error from my logs:
Feb 16 22:24:51 mypc gnome-screensaver-dialog[2884]: pam_tally(gnome-screensaver:auth): Error opening /var/log/faillog for update
Feb 16 22:24:51 mypc gnome-screensaver-dialog[2884]: pam_tally(gnome-screensaver:auth): Error opening /var/log/faillog for read
Feb 16 22:24:56 mypc gnome-screensaver-dialog[2884]: pam_tally(gnome-screensaver:setcred): Error opening /var/log/faillog for update
Feb 16 22:24:56 mypc gnome-screensaver-dialog[2884]: pam_tally(gnome-screensaver:setcred): Error opening /var/log/faillog for update
It is due to non-root user ID trying to write to fail log and not getting permission to do so. Some posts suggest it is not PAM bug, some chown faillog but then it is OK to let non-root users write to logs? I am lost.
Outputs:
$ cat /etc/pam.d/gnome-screensaver
#%PAM-1.0
auth substack system-login
-auth optional pam_gnome_keyring.so
$ cat /etc/pam.d/system-login
#%PAM-1.0
auth required pam_tally.so onerr=succeed file=/var/log/faillog
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_systemd.so
session required pam_env.so
What is the best way to deal with this?
Thanks
Last edited by jackpot (2017-06-21 01:44:27)
KDE is all good bloated, try to trim away from K*.apps... whatever it leaves behind equals "Kuck yourself!"
nVidia.... fsck sdy0
Offline
I know very little about pam, but this is what i gathered:
There was similar issue with i3lock on arch bugtracker. And it was actually solved. [ https://bugs.archlinux.org/task/31544 ]
As of now this is /etc/pam.d/i3lock shippd by arch:
#
# PAM configuration file for the i3lock screen locker. By default, it includes
# the 'system-auth' configuration file (see /etc/pam.d/login)
#
auth include system-auth
Also, If you look into gnome repos [ https://git.gnome.org//browse/gnome-scr … creensaver ], they do quite the same - include system-auth insead of system-login. The former doesn't include pam_tally.so, and this is what i suppose fixes it. But I do not know if it negatively affects security.
There was also another suggestion from @loqs to use pam_tally2 [ https://bbs.archlinux.org/viewtopic.php … 2#p1647024 ]. But I didn't try that one.
Currenty this is my config, which doesn't produce unwated errors.
/etc/pam.d/gnome-screensaver
auth include system-auth
auth optional pam_gnome_keyring.so
So, perhaps it's a bug in arch repo, as pretty much the same fix was applied for i3lock.
Offline