You are not logged in.
- Topics: Active | Unanswered
#1 2019-09-30 10:16:44
- Bersam
- Member
- From: Nowhere
- Registered: 2010-10-03
- Posts: 32
- Website
[SOLVED] PAM failed: User account has expired
Recently I've fresh installed my system and notice this behavior from systemd:
user@976 belongs to git sddm user, and it seems to have problem with systemd itself.
Sep 30 13:39:34 gnu kernel: audit: type=1130 audit(1569838174.485:42): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@976 comm="systemd" exe="/us>
Sep 30 13:39:34 gnu systemd[3033]: pam_unix(systemd-user:account): account sddm has expired (account expired)
Sep 30 13:39:34 gnu systemd[3033]: PAM failed: User account has expired
Sep 30 13:39:34 gnu systemd[3033]: user@976.service: Failed to set up PAM session: Operation not permitted
Sep 30 13:39:34 gnu systemd[3033]: user@976.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
-- Subject: Process /usr/lib/systemd/systemd could not be executedIf you have notice this or there's any active bug request please let me know, so I can track this down.
Last edited by Bersam (2019-10-06 21:48:19)
Offline
#2 2019-09-30 11:16:24
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,436
Re: [SOLVED] PAM failed: User account has expired
Sep 30 13:39:34 gnu systemd[3033]: pam_unix(systemd-user:account): account sddm has expired (account expired)/etc/pam.d/sddm-greeter contains
session optional pam_systemd.soAs it is optional https://bugs.archlinux.org/task/63706#comment181624 only session registration with systemd fails.
Offline
#3 2019-09-30 15:39:58
- tolga9009
- Member
- From: Germany
- Registered: 2010-01-08
- Posts: 62
Re: [SOLVED] PAM failed: User account has expired
I've experienced the same in a systemd-nspawn container environment. Fresh install with pacstrap, only base group and git are installed.
su git resulted in "Account expired". I thought it was caused by git's shell beeing /usr/bin/git-shell. I will look into PAM, thanks.
Offline
#4 2019-09-30 16:39:46
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,436
Re: [SOLVED] PAM failed: User account has expired
@tolga9009 as an alternative to su git assuming you are following https://git-scm.com/book/en/v2/Git-on-t … the-Server
you could run the commands as root and chown the files to git:git.
Edit:
or chage -E -1 git
Last edited by loqs (2019-09-30 16:44:16)
Offline
#5 2019-09-30 18:03:08
- tolga9009
- Member
- From: Germany
- Registered: 2010-01-08
- Posts: 62
Re: [SOLVED] PAM failed: User account has expired
Yepp, I was following that guide 
!
you could run the commands as root and chown the files to git:git
That's what I did in the end, but I still couldn't do anything over SSH.
[root@git srv]# chage -l git
Last password change : Sep 30, 2019
Password expires : never
Password inactive : never
Account expires : Jan 02, 1970
Minimum number of days between password change : -1
Maximum number of days between password change : -1
Number of days of warning before password expires : -1I've simply done "chage -E -1 git", as you suggested. Thanks!
Offline
#6 2019-09-30 18:50:18
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,436
Re: [SOLVED] PAM failed: User account has expired
Can you please file a bug report against the git package as it appears the user git can not have an expired password.
Offline
#7 2019-09-30 23:07:40
- tolga9009
- Member
- From: Germany
- Registered: 2010-01-08
- Posts: 62
Re: [SOLVED] PAM failed: User account has expired
After further investigating the issue, I don't think it's a bug. User 'git' is created by '/usr/lib/sysusers.d/git.conf':
"The account will be created disabled, so that logins are not allowed." from 'man sysusers.d'.
Still, out of the box, you're getting:
git clone ssh://git@example.com:22/~git/test.git
Cloning into 'test'...
Your account has expired; please contact your system administrator
Connection closed by example.com port 22
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.Can't say anything about git-daemon, as I don't use it.
Offline
#8 2019-09-30 23:43:01
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,436
Re: [SOLVED] PAM failed: User account has expired
https://github.com/systemd/systemd/pull/13277
The account can be locked but not expired as was the case before that change.
Offline
#9 2019-10-01 04:28:03
- tolga9009
- Member
- From: Germany
- Registered: 2010-01-08
- Posts: 62
Re: [SOLVED] PAM failed: User account has expired
I see. Wasn't aware of this beeing a very recent change upstream. I think a bug report makes sense in this case. Thanks for the links!
//Edit: https://bugs.archlinux.org/task/63972
Last edited by tolga9009 (2019-10-01 04:48:59)
Offline
#10 2019-10-02 10:13:09
- feramirez
- Member
- Registered: 2013-03-20
- Posts: 3
Re: [SOLVED] PAM failed: User account has expired
Recently I've fresh installed my system and notice this behavior from systemd:
user@976 belongs to git user, and it seems to have problem with systemd itself.
Sep 30 13:39:34 gnu kernel: audit: type=1130 audit(1569838174.485:42): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@976 comm="systemd" exe="/us> Sep 30 13:39:34 gnu systemd[3033]: pam_unix(systemd-user:account): account sddm has expired (account expired) Sep 30 13:39:34 gnu systemd[3033]: PAM failed: User account has expired Sep 30 13:39:34 gnu systemd[3033]: user@976.service: Failed to set up PAM session: Operation not permitted Sep 30 13:39:34 gnu systemd[3033]: user@976.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted -- Subject: Process /usr/lib/systemd/systemd could not be executedIf you have notice this or there's any active bug request please let me know, so I can track this down.
I think this is related to a change in how systemd creates users.
Removing the expiration date in the sddm user should fix it:
[root@arch ~]# usermod --expiredate= sddmOffline
#11 2019-10-06 21:44:37
- Bersam
- Member
- From: Nowhere
- Registered: 2010-10-03
- Posts: 32
- Website
Re: [SOLVED] PAM failed: User account has expired
Bersam wrote:Recently I've fresh installed my system and notice this behavior from systemd:
user@976 belongs to git user, and it seems to have problem with systemd itself.
Sep 30 13:39:34 gnu kernel: audit: type=1130 audit(1569838174.485:42): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@976 comm="systemd" exe="/us> Sep 30 13:39:34 gnu systemd[3033]: pam_unix(systemd-user:account): account sddm has expired (account expired) Sep 30 13:39:34 gnu systemd[3033]: PAM failed: User account has expired Sep 30 13:39:34 gnu systemd[3033]: user@976.service: Failed to set up PAM session: Operation not permitted Sep 30 13:39:34 gnu systemd[3033]: user@976.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted -- Subject: Process /usr/lib/systemd/systemd could not be executedIf you have notice this or there's any active bug request please let me know, so I can track this down.
I think this is related to a change in how systemd creates users.
Removing the expiration date in the sddm user should fix it:
[root@arch ~]# usermod --expiredate= sddm
Thanks, that solved my problem. and indeed, 976 belongs to sddm rather than git, that was human error!
Offline