### Steps to reproduce:
1. Add USE "homed" to make.conf
2. Reemerge world set
3. Start systemd-homed.service & create a brand new user with homectl
4. Try to log in via tty/console
5. Pull your hair out trying to figure out why it wouldn't work. Followed by enough research on pam that qualifies you for a PhD on that. :-)

### Troubleshooting:
After 2 days of mind-boggling, unable to log in & feeling like a digital handicap, I finally pinpointed the problem to the following line in /etc/pam.d/system-login, which was not letting me pass.

`auth required pam_shells.so`

Weird. Bash is already listed in /etc/shells. But it's /bin/bash, which is a symlink to /usr/bin/bash (on my systemd-merged-usr profile). So the problem is that systemd-homed doesn't allow login from symlinked shells.

### Proper fix
Up to the distro to decide. Option 1 and/or 2.
1. Request upstream systemd to allow login from symlinked shells. Unlikely to happen, as they might reason with a hardening measure for security.
2. Update sys-apps/baselayout and include all shells with the /usr/ prefix (i.e. /usr/bin/bash)

### Quick workaround:
Add /usr/bin/bash to /etc/shells
Huh.
Is the causing factor pam_shells or pam_systemd_home? If pam_shells, then why are shadow users allowed with /bin/bash and systemd-homed users aren't? So my noob guess is pam_shells is letting homed users through, but pam_systemd_home is probably also checking /etc/shells.
Okay. Further troubleshooting. So the culprit was that I was creating the user with `homectl create username --shell=/usr/bin/bash`, which is also technically correct and should allow login. For normal shadow users, `useradd --shell /usr/bin/bash testuser` will also prevent the user from logging in.

Final verdict:
- Nothing to do with systemd
- pam_shells doesn't consider /bin/bash & /usr/bin/bash as the same
- /etc/shells from sys-apps/baselayout should include both variants (/bin/bash & /usr/bin/bash) to avoid such rare bugs. Debian & Fedora are also using both variants.
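The mismatch described in the comment above can be audited with a short script. This is an added example, not part of the original thread or of any Gentoo package: it compares each account's shell string literally against a shells file and flags entries that only differ by a symlinked path. The function names are hypothetical and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example: classify each account's login shell the way a literal
# string match against the shells file would, and flag symlink aliases.

# canon PATH: print the symlink-resolved path (assumes readlink -f exists).
canon() { readlink -f -- "$1" 2>/dev/null; }

# listed_literally SHELL SHELLS_FILE: succeed only on an exact line match.
listed_literally() {
    grep -v '^[[:space:]]*#' "$2" | grep -Fxq -- "$1"
}

# alias_of SHELL SHELLS_FILE: print the first listed entry that resolves to
# the same file as SHELL (e.g. /bin/bash for /usr/bin/bash on merged-usr).
alias_of() {
    target=$(canon "$1") || return 1
    [ -n "$target" ] || return 1
    while IFS= read -r entry; do
        case $entry in ''|\#*) continue ;; esac
        if [ "$(canon "$entry")" = "$target" ]; then
            printf '%s\n' "$entry"; return 0
        fi
    done < "$2"
    return 1
}

# audit_shells PASSWD_FILE SHELLS_FILE: print "user shell verdict" per account.
audit_shells() {
    while IFS=: read -r user _ _ _ _ _ shell; do
        [ -n "$user" ] && [ -n "$shell" ] || continue
        if listed_literally "$shell" "$2"; then
            verdict=listed
        elif match=$(alias_of "$shell" "$2"); then
            verdict="alias-of:$match"
        else
            verdict=unlisted
        fi
        printf '%s %s %s\n' "$user" "$shell" "$verdict"
    done < "$1"
}

# Run as: sh audit.sh /etc/passwd /etc/shells
if [ "$#" -eq 2 ]; then
    audit_shells "$1" "$2"
fi
```

An `alias-of:` verdict marks an account whose shell is a valid binary but whose path string is missing from the shells file. Accounts that are not in /etc/passwd can be checked by saving `getent passwd USER` output to a file and passing that instead.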
Any update on this?
I don't see anything to "fix" here. pam_shells is operating as intended, and users should use "/bin/bash" instead of "/usr/bin/bash". If you insist on using /usr/bin/bash, you can always edit /etc/shells manually.
I suppose listing /bin/bash and /usr/bin/bash in /etc/shells would not be harmful, so we can revisit this.
After appending '/usr/bin/bash' to '/etc/shells' I'm not able to log in with my password the first time ('login incorrect'), but when I enter my username a second time and hit enter I log in instantly without my password. After a logout I can enter my username and password as expected and log in.
This happens for both users with '--shell {/bin/bash,/usr/bin/bash}'
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/baselayout.git/commit/?id=5df03b84421ddbb2b0e60a74a08443206f4bfeea

commit 5df03b84421ddbb2b0e60a74a08443206f4bfeea
Author: Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2024-11-03 23:27:02 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2024-11-03 23:30:41 +0000

shells: add /usr variants

Bug: https://bugs.gentoo.org/910758
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

etc/shells | 12 ++++++++++++
1 file changed, 12 insertions(+)
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9ce71da010638a2ca33c895674b95b3f231f029

commit c9ce71da010638a2ca33c895674b95b3f231f029
Author: Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2024-11-03 23:36:59 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2024-11-03 23:36:59 +0000

sys-apps/baselayout: add 2.16

Closes: https://bugs.gentoo.org/910758
Closes: https://bugs.gentoo.org/937941
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

sys-apps/baselayout/Manifest | 1 +
sys-apps/baselayout/baselayout-2.16.ebuild | 364 +++++++++++++++++++++++++++++
2 files changed, 365 insertions(+)