Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 259429

Summary: gentoo-sources-2.8.28-r2 will not allow user login
Product: Gentoo Linux Reporter: georgi
Component: [OLD] Core systemAssignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>
Severity: critical CC: georgi
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description georgi 2009-02-17 23:41:29 UTC
Upgrading to 2.8.28-r2 from 2.8.28-r1 (same config) causes "permission denied" messages whenerer a user tries to log in in any way (tty, ssh, kdm...). Only root can log in normally. Syslog does not say much more than PAM is refusing log in. I can provide the precise message if necessary.

emerge --info (downgraded to 2.6.28-r1):

Portage (default/linux/amd64/2008.0, gcc-4.3.3, glibc-2.9_p20081201-r2, 2.6.28-gentoo-r1 x86_64)
System uname: Linux-2.6.28-gentoo-r1-x86_64-Intel-R-_Core-TM-2_CPU_6700_@_2.66GHz-with-glibc2.2.5       
Timestamp of tree: Tue, 17 Feb 2009 14:30:01 +0000                                                      
app-shells/bash:     3.2_p48-r1                                                                         
dev-java/java-config: 2.1.7                                                                             
dev-lang/python:     2.5.4-r2                                                                           
dev-util/cmake:      2.6.2-r1                                                                           
sys-apps/baselayout: 2.0.0                                                                              
sys-apps/openrc:     0.4.3-r1                                                                           
sys-apps/sandbox:    1.3.7                                                                              
sys-devel/autoconf:  2.13, 2.63                                                                         
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2                                          
sys-devel/binutils:  2.19.1                                                                             
sys-devel/gcc-config: 1.4.1                                                                             
sys-devel/libtool:   2.2.6a                                                                             
virtual/os-headers:  2.6.28-r1                                                                          
ACCEPT_KEYWORDS="amd64 ~amd64"                                                                          
CFLAGS="-march=core2 -O2 -pipe"                                                                         
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"                                        
CXXFLAGS="-march=core2 -O2 -pipe"                                                                                       
EMERGE_DEFAULT_OPTS="--nospinner --with-bdeps y --alphabetical"                                                         
FEATURES="distlocks fixpackages protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="X a52 aac accessibility acpi alisp alsa amd64 amr amrnb amrwb ao archive asyncns audiofile bash-completion bios bluetooth boost branding bzip2 cairo calendar captury cdda cdio cgraph chm cli context cracklib crypt css curl cyrillic dbus dhcp dirac djbfft djvu doc dri dts dvd dvdr dvdread dynamic eap-tls emovix encode exif extra extrafilters fam fame fbcondecor ffmpeg fftw firefox fits flac fluidsynth fontconfig fpx games gd gdbm gif git glitz gnuplot gnutls graphics graphviz gs gtk hal hdri hpn htmlhandbook humanities hyperestraier ical iconv icu id3tag idea idn imagemagick inotify ipv6 isdnlog ithreads java java6 javascript jbig jce joystick jpeg jpeg2k jsapi kde kig-scripting kipi kpathsea ktts ladspa lame latex lcms libass libedit libffi libgcrypt libnotify libssh2 libwww lm_sensors lzo mad matroska mbrola midi mjpeg mmap mmx mmxext mng mod modplug mp3 mp4 mpeg mudflap multilib musepack music mysql ncurses network network-cron nls nptl nptlonly nuv odbc offensive ogg omega openal openexr opengl openmp oscar pam pango paste64 pcre pdf pg-intdatetime plotutils png portaudio postgres ppds pppd pstricks pth publishers pulseaudio python qemu qt3support qt4 quicktime rdesktop readline redland reflection rle rtsp sasl schroedinger science sdl sdl-image session slang smp sndfile sound soundtouch speex spell spl sql sqlite sqlite3 sse sse2 ssl ssse3 startup-notification stream subversion svg symlink sysfs theora threads tiff toolbar truetype unicode usb utempter vamp vcd vlc vlm vnc vorbis vorbis-psy wavpack webkit wideband wifi wmf x264 xcb xcomposite xetex xforms xml xmp xorg xscreensaver xulrunner xv xvid xvmc zip zlib zrtp" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="nvidia"
Comment 1 George Kadianakis (RETIRED) gentoo-dev 2009-02-25 18:12:46 UTC
(In reply to comment #0)
> Upgrading to 2.8.28-r2 from 2.8.28-r1 (same config) causes "permission denied"
> messages whenerer a user tries to log in in any way (tty, ssh, kdm...). Only
> root can log in normally. Syslog does not say much more than PAM is refusing
> log in. I can provide the precise message if necessary.

Yes, I think that the precice message will be help us identifying the problem further.
Comment 2 georgi 2009-02-26 21:22:08 UTC
The message in my syslog is:

login: pam_unix(login:session): session opened for user godji by LOGIN(uid=0)
login: Permission denied

godji is my username. As I said, it doesn't help much. Let me know if I can provide more information.
Comment 3 georgi 2009-03-09 23:17:59 UTC
The bug remains in 2.6.28-r3. Does anyone have any ideas? I can't possibly be the only one hitting this one.
Comment 4 georgi 2009-03-21 09:11:08 UTC
This bug is still present in 2.6.28-r4!
Comment 5 georgi 2009-03-26 21:45:42 UTC
I can confirm this for 2.6.29 as well. I'm concerned now because I can no longer upgrade my kernel, and there are things in 29 I'd love to try.

Could someone please help me debug this? Where should I look for the cause?
Comment 6 Mike Pagano gentoo-dev 2009-03-26 22:55:51 UTC
What happens if you create a new user. Can you login with that?
Anything extraneous in /etc/passwd ?

Comment 7 georgi 2009-03-28 22:34:11 UTC
Yes, I can log in just fine with a new user! I think you might be on to something.

I do not see anything problematic in /etc/passwd. Should I post that file?
Comment 8 Mike Pagano gentoo-dev 2009-03-28 23:43:47 UTC
Yeah, let's take a look.  Would you be able to remove a user that does not work and re add them back and then try to login ?

Comment 9 georgi 2009-03-29 01:21:18 UTC
sshd:x:22:22:added by portage for openssh:/var/empty:/sbin/nologin
cron:x:16:16:added by portage for cronbase:/var/spool/cron:/sbin/nologin
ntp:x:123:123:added by portage for ntp:/dev/null:/sbin/nologin
godji:x:1000:1000:Georgi Chulkov:/home/godji:/bin/bash
messagebus:x:101:1001:added by portage for dbus:/dev/null:/sbin/nologin
pulse:x:102:1004:added by portage for pulseaudio:/var/run/pulse:/sbin/nologin
haldaemon:x:103:1005:added by portage for hal:/dev/null:/sbin/nologin
postgres:x:70:70:added by portage for postgresql-server:/var/lib/postgresql:/bin/bash
rpc:x:111:111:added by portage for portmap:/dev/null:/sbin/nologin
festival:x:104:18:added by portage for festival:/dev/null:/sbin/nologin
hsqldb:x:105:1008:added by portage for hsqldb:/dev/null:/bin/sh
ldap:x:439:439:added by portage for openldap:/usr/lib64/openldap:/sbin/nologin
mysql:x:60:60:added by portage for mysql:/dev/null:/sbin/nologin

godji is the user that causes problems. penguin is the new user that does not.
Comment 10 Mike Pagano gentoo-dev 2009-03-29 19:30:21 UTC
Well, there might be something extraneous in that file. Can tell from a cut and paste.  But, I thinking there's an issue with this file, and it's not a kernel bug.
Comment 11 georgi 2009-03-29 21:03:43 UTC
I'm sorry, but I couldn't understand what you were trying to tell me. Is there some other file you wanted to see?

The fact that pointing GRUB to a different kernel causes drastically different behavior means that the kernel is involved. Even if the bug is in userspace, there is _something_ that has changed in the kernel, namely between 2.6.28-r1 and 2.6.28-r2.
Comment 12 georgi 2009-04-05 09:09:07 UTC
It appears the problem was a line in /etc/security/limits.conf:

godji - nofile unlimited

The use of unlimited (as opposed to a specific large number) triggers this:
Comment 13 georgi 2009-04-05 09:10:00 UTC
Why a kernel upgrade triggers it and why it worked before are still beyond me.