Summary: | sys-auth/pambase: /etc/pam.d/sudo references `session pam_systemd.so` which breaks passwordless sudo in shell scripts | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Niklas Haas <gentoo> |
Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | grawity, pam-bugs+disabled, systemd |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 485470 | ||
Bug Blocks: |
Description
Niklas Haas
2016-08-31 16:22:26 UTC
Note: I can work around the issue by rewriting my /etc/pam.d/sudo from this:

{{{
auth include system-auth
account include system-auth
session include system-auth
}}}

to this:

{{{
auth include system-auth
account include system-auth
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so
}}}

Maybe we should move pam_systemd out of system-auth.

Seems like the purpose of `pam_systemd.so` is creating a logind session for what would be considered an interactive login, i.e. from getty or via ssh. If `system-auth` is just for providing authentication, then it should not be referencing anything to do with login sessions. (Instead, maybe a separate category like `system-session` would be more appropriate?)

It seems it was added to system-auth in bug 485470.

(In reply to Mike Gilbert from comment #2)
> Maybe we should move pam_systemd out of system-auth.

Yes, and this should be the system-login file.

*** This bug has been marked as a duplicate of bug 504492 ***
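To see which services inherit `pam_systemd.so` through `include` lines, as `sudo` does via `system-auth` in this report, the include chain can be resolved mechanically. The following is an added example, not part of the bug report or of pambase; the `system-auth` and `sudo-workaround` contents in `SAMPLE` are constructed for illustration, and `find_module` and `load_dir` are hypothetical helper names.

```python
import re
from pathlib import Path

# Constructed sample files modelled on the report (system-auth body is assumed).
SAMPLE = {
    "sudo": "auth include system-auth\naccount include system-auth\n"
            "session include system-auth\n",
    "system-auth": "auth required pam_unix.so\naccount required pam_unix.so\n"
                   "session required pam_limits.so\nsession required pam_env.so\n"
                   "session required pam_unix.so\n-session optional pam_systemd.so\n",
    "sudo-workaround": "auth include system-auth\naccount include system-auth\n"
                       "session required pam_limits.so\nsession required pam_env.so\n"
                       "session required pam_unix.so\nsession optional pam_permit.so\n",
}

# type (optionally prefixed with '-'), control (word or [bracketed]), module or file
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def load_dir(path="/etc/pam.d"):
    """Read every service file of a live system into the same dict shape as SAMPLE."""
    return {p.name: p.read_text() for p in Path(path).iterdir() if p.is_file()}

def resolve(service, kind, files, chain=()):
    """Yield (module, include_chain) for each module of type `kind` reachable from `service`."""
    if service in chain:  # guard against include loops
        return
    chain = chain + (service,)
    for raw in files.get(service, "").splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != kind:
            continue
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            yield from resolve(Path(target).name, kind, files, chain)
        else:
            yield Path(target).name, chain

def find_module(service, module, files, kind="session"):
    """Return the include chains through which `service` loads `module`."""
    return [" -> ".join(c) for mod, c in resolve(service, kind, files) if mod == module]

if __name__ == "__main__":
    for svc in ("sudo", "sudo-workaround"):
        print(svc, find_module(svc, "pam_systemd.so", SAMPLE) or "not loaded")
```

Passing `load_dir()` instead of `SAMPLE` runs the same check against the files in /etc/pam.d.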