Bug 937941 - sys-auth/pambase[homed]: pam_shells blocks login for homed managed users as of sys-apps/systemd-256
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Reported: 2024-08-14 23:51 UTC by Mark Wood
Modified: 2024-11-04 19:52 UTC
Description Mark Wood 2024-08-14 23:51:51 UTC
systemd-256 has switched to /usr/lib/systemd-home-fallback-shell for logging in homed users. As this is not within the /etc/shells file, login will fail.

Reporting this against pambase, as systemd's response to a bug report by an Arch user was that pam_shells should not be in the PAM stack if homed is in use. I think there will probably need to be a discussion about how best to deal with this.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-08-14 23:57:40 UTC
See also bug 910758 where we had similar but different issues caused by systemd + pam_shells.
Comment 2 Mike Gilbert gentoo-dev 2024-08-15 02:30:29 UTC
I would be in favor of dropping pam_shells from our default PAM config.

I think we just need to ensure this won't open up some unforeseen security hole.
Comment 3 Mark Wood 2024-08-15 12:48:56 UTC
The alternative would be adding /usr/bin/systemd-home-fallback-shell to /etc/shells via a baselayout update, but this seems like a fairly fragile fix.

I’m not sure what security the pam_shells and /etc/shells file provide to the system so I can’t say with certainty that removal is safe.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-08-16 00:32:54 UTC
I think we should investigate dropping pam_shells but add the path in the meantime to baselayout.
Comment 5 Björn Ferson 2024-11-03 21:46:29 UTC
Any update on this bug? systemd-256 is stable now, but I need to add /usr/lib/systemd-home-fallback-shell to /etc/shell to make systemd-homed login function again.
Comment 6 Larry the Git Cow gentoo-dev 2024-11-03 23:31:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/baselayout.git/commit/?id=cb363321eff954180887609bac5f90463214f043

commit cb363321eff954180887609bac5f90463214f043
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2024-11-03 23:30:21 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2024-11-03 23:30:57 +0000

    shells: add /usr/lib/systemd-home-fallback-shell
    
    Bug: https://bugs.gentoo.org/937941
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 etc/shells | 1 +
 1 file changed, 1 insertion(+)
Comment 7 Larry the Git Cow gentoo-dev 2024-11-03 23:37:49 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9ce71da010638a2ca33c895674b95b3f231f029

commit c9ce71da010638a2ca33c895674b95b3f231f029
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2024-11-03 23:36:59 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2024-11-03 23:36:59 +0000

    sys-apps/baselayout: add 2.16
    
    Closes: https://bugs.gentoo.org/910758
    Closes: https://bugs.gentoo.org/937941
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/baselayout/Manifest               |   1 +
 sys-apps/baselayout/baselayout-2.16.ebuild | 364 +++++++++++++++++++++++++++++
 2 files changed, 365 insertions(+)
Comment 8 Björn Ferson 2024-11-04 16:43:41 UTC
systemd-home-fallback-shell location is in /usr/bin not /usr/lib on my system
Comment 9 Mike Gilbert gentoo-dev 2024-11-04 19:52:16 UTC
(In reply to Björn Ferson from comment #8)
> systemd-home-fallback-shell location is in /usr/bin not /usr/lib on my system

Oops, fixed in 2.17.
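
The check discussed in the description, as an added example that is not part of the bug report or of Linux-PAM: it approximates pam_shells as an exact whole-line match of a login shell against a shells file and lists the accounts that would be refused. The function names and the sample shells and passwd data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: approximates the pam_shells decision as an exact,
# whole-line comparison of a login shell against a shells file.

# shell_listed SHELLS_FILE SHELL -> exit status 0 if SHELL is listed
shell_listed() {
    [ -n "$2" ] || return 1          # an empty shell field never matches
    # Drop comment lines, then require a fixed-string, whole-line match.
    grep -v '^[[:space:]]*#' "$1" | grep -Fxq -- "$2"
}

# unlisted_accounts SHELLS_FILE PASSWD_FILE
# Prints "user:shell" for every passwd(5)-format entry whose shell is
# not listed, i.e. the accounts this check would refuse.
unlisted_accounts() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        shell_listed "$1" "$shell" || printf '%s:%s\n' "$user" "$shell"
    done < "$2"
}

# Constructed sample data: a shells file without the homed fallback
# shell, and a user record presenting the /usr/lib path named in the
# bug description.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# /etc/shells (constructed)' /bin/sh /bin/bash \
        > "$tmp/shells"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:60001:60001:Alice:/home/alice:/usr/lib/systemd-home-fallback-shell' \
        > "$tmp/passwd"
    unlisted_accounts "$tmp/shells" "$tmp/passwd"
    rm -rf "$tmp"
}

demo
```

Because the match is exact, listing the /usr/lib path does not admit a shell installed under /usr/bin, which is the mismatch raised in comment 8. On a live system the same function can be pointed at /etc/shells and a file holding the output of `getent passwd`.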