Upgrading to 2.8.28-r2 from 2.8.28-r1 (same config) causes "permission denied" messages whenerer a user tries to log in in any way (tty, ssh, kdm...). Only root can log in normally. Syslog does not say much more than PAM is refusing log in. I can provide the precise message if necessary. emerge --info (downgraded to 2.6.28-r1): Portage 2.1.6.7 (default/linux/amd64/2008.0, gcc-4.3.3, glibc-2.9_p20081201-r2, 2.6.28-gentoo-r1 x86_64) ================================================================= System uname: Linux-2.6.28-gentoo-r1-x86_64-Intel-R-_Core-TM-2_CPU_6700_@_2.66GHz-with-glibc2.2.5 Timestamp of tree: Tue, 17 Feb 2009 14:30:01 +0000 app-shells/bash: 3.2_p48-r1 dev-java/java-config: 2.1.7 dev-lang/python: 2.5.4-r2 dev-util/cmake: 2.6.2-r1 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.3-r1 sys-apps/sandbox: 1.3.7 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.19.1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="amd64 ~amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=core2 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=core2 -O2 -pipe" DISTDIR="/distfiles" EMERGE_DEFAULT_OPTS="--nospinner --with-bdeps y --alphabetical" FEATURES="distlocks fixpackages protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" LDFLAGS="-Wl,-O1" LINGUAS="en" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac accessibility acpi alisp alsa amd64 amr amrnb amrwb ao archive asyncns audiofile bash-completion bios bluetooth boost branding bzip2 cairo calendar captury cdda cdio cgraph chm cli context cracklib crypt css curl cyrillic dbus dhcp dirac djbfft djvu doc dri dts dvd dvdr dvdread dynamic eap-tls emovix encode exif extra extrafilters fam fame fbcondecor ffmpeg fftw firefox fits flac fluidsynth fontconfig fpx games gd gdbm gif git glitz gnuplot gnutls graphics graphviz gs gtk hal hdri hpn htmlhandbook humanities hyperestraier ical iconv icu id3tag idea idn imagemagick inotify ipv6 isdnlog ithreads java java6 javascript jbig jce joystick jpeg jpeg2k jsapi kde kig-scripting kipi kpathsea ktts ladspa lame latex lcms libass libedit libffi libgcrypt libnotify libssh2 libwww lm_sensors lzo mad matroska mbrola midi mjpeg mmap mmx mmxext mng mod modplug mp3 mp4 mpeg mudflap multilib musepack music mysql ncurses network network-cron nls nptl nptlonly nuv odbc offensive ogg omega openal openexr opengl openmp oscar pam pango paste64 pcre pdf pg-intdatetime plotutils png portaudio postgres ppds pppd pstricks pth publishers pulseaudio python qemu qt3support qt4 quicktime rdesktop readline redland reflection rle rtsp sasl schroedinger science sdl sdl-image session slang smp sndfile sound soundtouch speex spell spl sql sqlite sqlite3 sse sse2 ssl ssse3 startup-notification stream subversion svg symlink sysfs theora threads tiff toolbar truetype unicode usb utempter vamp vcd vlc vlm vnc vorbis vorbis-psy wavpack webkit wideband wifi wmf x264 xcb xcomposite xetex xforms xml xmp xorg xscreensaver xulrunner xv xvid xvmc zip zlib zrtp" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="nvidia" Unset: CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
(In reply to comment #0) > Upgrading to 2.8.28-r2 from 2.8.28-r1 (same config) causes "permission denied" > messages whenerer a user tries to log in in any way (tty, ssh, kdm...). Only > root can log in normally. Syslog does not say much more than PAM is refusing > log in. I can provide the precise message if necessary. Yes, I think that the precice message will be help us identifying the problem further.
The message in my syslog is: login: pam_unix(login:session): session opened for user godji by LOGIN(uid=0) login: Permission denied godji is my username. As I said, it doesn't help much. Let me know if I can provide more information.
The bug remains in 2.6.28-r3. Does anyone have any ideas? I can't possibly be the only one hitting this one.
This bug is still present in 2.6.28-r4!
I can confirm this for 2.6.29 as well. I'm concerned now because I can no longer upgrade my kernel, and there are things in 29 I'd love to try. Could someone please help me debug this? Where should I look for the cause?
What happens if you create a new user. Can you login with that? Anything extraneous in /etc/passwd ?
Yes, I can log in just fine with a new user! I think you might be on to something. I do not see anything problematic in /etc/passwd. Should I post that file?
Yeah, let's take a look. Would you be able to remove a user that does not work and re add them back and then try to login ?
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/false daemon:x:2:2:daemon:/sbin:/bin/false adm:x:3:4:adm:/var/adm:/bin/false lp:x:4:7:lp:/var/spool/lpd:/bin/false sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/bin/false news:x:9:13:news:/usr/lib/news:/bin/false uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false operator:x:11:0:operator:/root:/bin/bash man:x:13:15:man:/usr/share/man:/bin/false postmaster:x:14:12:postmaster:/var/spool/mail:/bin/false smmsp:x:209:209:smmsp:/var/spool/mqueue:/bin/false portage:x:250:250:portage:/var/tmp/portage:/bin/false nobody:x:65534:65534:nobody:/:/bin/false sshd:x:22:22:added by portage for openssh:/var/empty:/sbin/nologin cron:x:16:16:added by portage for cronbase:/var/spool/cron:/sbin/nologin ntp:x:123:123:added by portage for ntp:/dev/null:/sbin/nologin godji:x:1000:1000:Georgi Chulkov:/home/godji:/bin/bash messagebus:x:101:1001:added by portage for dbus:/dev/null:/sbin/nologin pulse:x:102:1004:added by portage for pulseaudio:/var/run/pulse:/sbin/nologin haldaemon:x:103:1005:added by portage for hal:/dev/null:/sbin/nologin postgres:x:70:70:added by portage for postgresql-server:/var/lib/postgresql:/bin/bash rpc:x:111:111:added by portage for portmap:/dev/null:/sbin/nologin festival:x:104:18:added by portage for festival:/dev/null:/sbin/nologin hsqldb:x:105:1008:added by portage for hsqldb:/dev/null:/bin/sh ldap:x:439:439:added by portage for openldap:/usr/lib64/openldap:/sbin/nologin mysql:x:60:60:added by portage for mysql:/dev/null:/sbin/nologin penguin:x:9000:9000::/home/penguin:/bin/bash godji is the user that causes problems. penguin is the new user that does not.
Well, there might be something extraneous in that file. Can tell from a cut and paste. But, I thinking there's an issue with this file, and it's not a kernel bug.
I'm sorry, but I couldn't understand what you were trying to tell me. Is there some other file you wanted to see? The fact that pointing GRUB to a different kernel causes drastically different behavior means that the kernel is involved. Even if the bug is in userspace, there is _something_ that has changed in the kernel, namely between 2.6.28-r1 and 2.6.28-r2.
It appears the problem was a line in /etc/security/limits.conf: godji - nofile unlimited The use of unlimited (as opposed to a specific large number) triggers this: https://bugzilla.redhat.com/show_bug.cgi?id=485955
Why a kernel upgrade triggers it and why it worked before are still beyond me.