You are not logged in.

#1 2023-08-30 21:42:56

edgarcarpenter
Member
Registered: 2023-05-08
Posts: 6

Authentication fails when I try to login as root (solved)

Trying to login as root, I get

      [PAM] authenticate: Authentication failure
      Authentication for user  ""  failed

Root has a password - and I ran passwd again to be sure that its password hadn't gotten messed up somehow.

This happened first while using SDDM to log in.   Thinking SDDM might be at fault, I switched to lightdm - which also fails.

I've been using linux for 20 years, and sometimes I need to, or want to, sign in as root.  Different obstacles have been put in the way of this by different distros over the years.  Am I running up against some new effort to keep people from logging in as root?  Has some setting changed?

Thanks for your help!

Last edited by edgarcarpenter (2023-09-01 14:17:54)

Offline

#2 2023-08-30 22:03:36

seth
Member
Registered: 2012-09-03
Posts: 60,000

Re: Authentication fails when I try to login as root (solved)

Can you log in as root on the console? The "" in the pam message suggests the DMs try to log you in as a user w/ an empty username.

Fwwi: no, you're not supposed to start a GUI session as root, not because of anyones mean efforts, but because it's a seriously bad idea.
I don't know why you'd want to do that, but you certainly don't "need" to, https://en.wikipedia.org/wiki/XY_problem

Offline

#3 2023-08-31 02:20:40

edgarcarpenter
Member
Registered: 2023-05-08
Posts: 6

Re: Authentication fails when I try to login as root (solved)

Login fails on a console, too.  And I made sure it wasn't something simple, like the shift key.   I haven't needed to log in as root for nearly a year, so whatever is going on may have been going on for a long time.

And I know you don't know why I'd want to do that.  Occasionally, for specific tasks, it's easier for me to just switch to root rather than re-boot from a different OS instance to get something done.  I'm sure you do things in a more authorized and well informed way than I do - but on linux I'm just a user, and I try to do things as simply (for me) as possible.

In this case, a friend is coming to visit for a couple of weeks and I'm setting up a user on my pc for him to use.  To do this, I've created the new user and his directory - the next step normally (I've done this a few times) is log in as root, replace the contents of his directory with mine with all my customization, change the permissions to his userid, delete the bits I don't want him to have (like my browser autofill), and there it is, a nice, customized new user with very little effort.  Is there some other way to do this? Probably, but this is simple and quick.  And it's for a friend, so I'm not worried about security issues.

In the past, I've also logged in as root when I needed to move /home from the root partition to a different partition to get more space - that's the kind of thing I need to be able to login as root for, rather than booting from a separate os image.

Thanks for trying to help me - I greatly appreciate it.

Last edited by edgarcarpenter (2023-08-31 02:58:56)

Offline

#4 2023-08-31 06:34:17

seth
Member
Registered: 2012-09-03
Posts: 60,000

Re: Authentication fails when I try to login as root (solved)

Please post the actual resonse from the journal and the output of

sudo passwd -S root

(incidentally, can you still sudo commands?)

There's a huuuge field between doing stuff w/ elevated privileges and logging into a GUI session as root.
The first is common procedure and necessary to admin a system, the latter is like asking to get your system compromised.

Offline

#5 2023-08-31 16:18:11

edgarcarpenter
Member
Registered: 2023-05-08
Posts: 6

Re: Authentication fails when I try to login as root (solved)

Thanks for the response  - here's the result of the passwd command:

root P 2023-08-31 -1 -1 -1 -1

the password is now just lowercase "a", to eliminate any keyboard problems.  I normally use Dvorak, but "a" is the same on all English keyboards.

Here are the journal entries, from the time I tried to login with root to when I started to login with my normal id, "aaa".  Note that I'm now using lightdm, so the error messages seem to be a bit different from the SDDM ones:

Aug 31 09:54:19 eee-NUC systemd[1]: Started Session c2 of User lightdm.
Aug 31 09:54:19 eee-NUC systemd[4511]: Finished Update XDG user dir configuration.
Aug 31 09:54:19 eee-NUC systemd[4511]: Reached target Main User Target.
Aug 31 09:54:19 eee-NUC systemd[4511]: Startup finished in 417ms.
Aug 31 09:54:19 eee-NUC systemd[4511]: Created slice User Core Session Slice.
Aug 31 09:54:19 eee-NUC systemd[4511]: Starting D-Bus User Message Bus...
Aug 31 09:54:19 eee-NUC systemd[4511]: Started D-Bus User Message Bus.
Aug 31 09:54:19 eee-NUC dbus-daemon[4529]: [session uid=967 pid=4529] Activating systemd to hand-off: service name='org.a11y.Bus' unit='at-spi-dbus->
Aug 31 09:54:19 eee-NUC dbus-daemon[4529]: [session uid=967 pid=4529] Successfully activated service 'org.freedesktop.systemd1'
Aug 31 09:54:19 eee-NUC systemd[4511]: Starting Accessibility services bus...
Aug 31 09:54:19 eee-NUC dbus-daemon[4529]: [session uid=967 pid=4529] Successfully activated service 'org.a11y.Bus'
Aug 31 09:54:19 eee-NUC systemd[4511]: Started Accessibility services bus.
Aug 31 09:54:19 eee-NUC dbus-daemon[4529]: [session uid=967 pid=4529] Activating via systemd: service name='org.gtk.vfs.Daemon' unit='gvfs-daemon.se>
Aug 31 09:54:19 eee-NUC systemd[4511]: Starting Virtual filesystem service...
Aug 31 09:54:19 eee-NUC dbus-daemon[4529]: [session uid=967 pid=4529] Successfully activated service 'org.gtk.vfs.Daemon'
Aug 31 09:54:19 eee-NUC systemd[4511]: Started Virtual filesystem service.
Aug 31 09:54:20 eee-NUC dbus-daemon[1292]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.se>
Aug 31 09:54:20 eee-NUC dbus-daemon[1292]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freed>
Aug 31 09:54:20 eee-NUC at-spi-bus-launcher[4537]: dbus-daemon[4537]: Activating service name='org.a11y.atspi.Registry' requested by ':1.0' (uid=967>
Aug 31 09:54:20 eee-NUC at-spi-bus-launcher[4537]: dbus-daemon[4537]: Successfully activated service 'org.a11y.atspi.Registry'
Aug 31 09:54:20 eee-NUC at-spi-bus-launcher[4572]: SpiRegistry daemon is running with well-known name - org.a11y.atspi.Registry
Aug 31 09:54:35 eee-NUC lightdm[4597]: gkr-pam: unable to locate daemon control file
Aug 31 09:54:35 eee-NUC lightdm[4597]: gkr-pam: stashed password to try later in open session
Aug 31 09:54:43 eee-NUC lightdm[4600]: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=root
Aug 31 09:54:51 eee-NUC dbus-daemon[1292]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.se>
Aug 31 09:54:51 eee-NUC dbus-daemon[1292]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freed>
Aug 31 09:54:57 eee-NUC lightdm[4602]: gkr-pam: unable to locate daemon control file
Aug 31 09:54:57 eee-NUC lightdm[4602]: gkr-pam: stashed password to try later in open session
Aug 31 09:54:57 eee-NUC systemd[1]: Stopping Session c2 of User lightdm...
Aug 31 09:54:57 eee-NUC lightdm[4505]: pam_unix(lightdm-greeter:session): session closed for user lightdm
Aug 31 09:54:58 eee-NUC systemd[1]: session-c2.scope: Deactivated successfully.
Aug 31 09:54:58 eee-NUC systemd[1]: Stopped Session c2 of User lightdm.
Aug 31 09:54:58 eee-NUC systemd[1]: session-c2.scope: Consumed 5.063s CPU time.
Aug 31 09:54:58 eee-NUC lightdm[4602]: pam_unix(lightdm:session): session opened for user aaa(uid=1000) by aaa(uid=0)
Aug 31 09:54:58 eee-NUC systemd-logind[1295]: Removed session c2.
Aug 31 09:54:58 eee-NUC systemd-logind[1295]: New session 5 of user aaa.
Aug 31 09:54:58 eee-NUC systemd[1]: Started Session 5 of User aaa.
Aug 31 09:54:58 eee-NUC lightdm[4602]: gkr-pam: unlocked login keyring

And yes, sudo works with no problem.  Only logging in is failing.

I looked up the message "gkr-pam: unable to locate daemon control file", and that seems to be an unavoidable but benign message.

Again, thank for your help.

Last edited by edgarcarpenter (2023-08-31 19:03:13)

Offline

#6 2023-08-31 17:44:27

seth
Member
Registered: 2012-09-03
Posts: 60,000

Re: Authentication fails when I try to login as root (solved)

Please use [code][/code] tags. Edit your post in this regard.
Also please don't copy and paste out of the pager, it truncates lines (trailing ">"), redirect the output into a file in doubt.

Root isn't locked and has a usable password that changed today, so no problem there, sanity check:

grep root /etc/passwd # there's no password in that
Aug 31 09:54:35 eee-NUC lightdm[4597]: gkr-pam: unable to locate daemon control file
Aug 31 09:54:35 eee-NUC lightdm[4597]: gkr-pam: stashed password to try later in open session
Aug 31 09:54:43 eee-NUC lightdm[4600]: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=root

gkr-pam stashes the password (that's ok, it's for gnome-keyring) and then the lightdm authentication step fails straight in pam_unix

Let's see whether PAM is standard:

pacman -Qikk pambase
cat /etc/pam.d/lightdm

(Though if you fail to login on the console, the lightdm pam is probably only including system-login or system-local-login)

Offline

#7 2023-08-31 19:09:29

edgarcarpenter
Member
Registered: 2023-05-08
Posts: 6

Re: Authentication fails when I try to login as root (solved)

Thanks!  Here's the additional information you asked for:

[eee-NUC aaa]# grep root /etc/passwd # there's no password in that
root:x:0:0:root:/root:/usr/bin/bash


[eee-NUC aaa]# pacman -Qikk pambase
Name            : pambase
Version         : 20221020-1
Description     : Base PAM configuration for services
Architecture    : any
URL             : https://www.archlinux.org
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : None
Optional Deps   : None
Required By     : pam
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 2.65 KiB
Packager        : David Runge <dvzrv@archlinux.org>
Build Date      : Thu 20 Oct 2022 04:57:24 AM CDT
Install Date    : Fri 28 Oct 2022 04:59:05 PM CDT
Install Reason  : Installed as a dependency for another package
Install Script  : No
Validated By    : Signature

pambase: 8 total files, 0 altered files


[eee-NUC aaa]# cat /etc/pam.d/lightdm
#%PAM-1.0
auth        include     system-login
-auth       optional    pam_gnome_keyring.so
account     include     system-login
password    include     system-login
session     include     system-login
-session    optional    pam_gnome_keyring.so auto_start

Offline

#8 2023-08-31 19:33:12

seth
Member
Registered: 2012-09-03
Posts: 60,000

Re: Authentication fails when I try to login as root (solved)

Just a hunch:

chsh -l
sudo chsh -s /bin/bash root # i  don't think /usr/bin/bash is in /etc/shells by default

Offline

#9 2023-08-31 22:53:24

edgarcarpenter
Member
Registered: 2023-05-08
Posts: 6

Re: Authentication fails when I try to login as root (solved)

Thank you very much!  That fixes it.  And I've added /usr/bin/bash to /etc/shells, it may be referenced again sometime.  You've been very kind to take this much time to help, it would have taken me days to get there on my own. I only have a fairly superficial knowledge of linux except for the specific bits I've had to learn to get by.  I wonder how that definition got dropped?  But there's nothing like well-educated hunches, are there?

And don't be concerned that I'm logging in as root - I know you mean well, but I spent years as a systems architect at a big brokerage house, where I had allocate/delete/read/write/execute permissions on everything, all the time, at all the mainframe data centers.  It was the equivalent of always being root, and that environment was much more complex and consequential than my PC, which is pretty much protected by my old work habits, whoever I log in as.  To me, logging in as root occasionally just doesn't seem unusual or perilous.

And, sorry, I can't see anywhere to flag this as solved -

Last edited by edgarcarpenter (2023-09-01 05:22:50)

Offline

#10 2023-09-01 06:53:40

seth
Member
Registered: 2012-09-03
Posts: 60,000

Re: Authentication fails when I try to login as root (solved)

Mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Was your workplace mainframe hooked up to the internet together with some billion people?
The concern is not so much that you do an oopsie and crash wall street (not that this ever happened…) but modern DEs will open a dozen WAN connections by default just on startup and the overly complex GUI code is vastly exploitable and often subject to completely unvetted plugins.
Try to limit your privileges to a root shell and the minimum of required processes for the task.

Offline

#11 2023-09-01 14:17:17

edgarcarpenter
Member
Registered: 2023-05-08
Posts: 6

Re: Authentication fails when I try to login as root (solved)

Once again, thanks for your help, I appreciate it.

Offline

Board footer

Powered by FluxBB