Ubuntu
pam package

pam_motd should log the error when run-parts fails

Bug #661654 reported by Yusef Maali on 2010-10-16

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	pam (Ubuntu)	Triaged	Low	Unassigned

Bug Description

Binary package hint: libpam-modules

** Problem:
pam_motd module creates the file /var/run/motd.new but doesn't rename it into /var/run/motd.
The /etc/motd symlink points to /var/run/motd and at each user login are shown old informations.

** Repeatable:
Yes, always

** How to repeat:
You need to force "run-parts /etc/update-motd.d" to exit with errors.
To complete this task just add in the update-motd.d chain a script that exits with error or a symlink to a script that doesn't exist.

** Explanation:
I discover this issue while upgrading from lucid to maverik (server edition).
For some reason, the package update-notifier-common was removed and I was full of broken symlinks in the update-motd.d chain.
At each ssh login I was presented with stale informations.

Looking into the pam_motd.c code I found the problem.
The module performs a system("run-parts /etc/update-motd.d > /var/run/motd.new") call, that returns a non-zero value if run-parts exits with errors.
If the system() call returns a non-zero value, the following rename() call is not executed.
The file /var/run/motd.new is *always* created and written to disk with the output of the working scripts.
We are in the situation where the /var/run/motd.new is updated but never renamed into /var/run/motd, if some scripts have bugs or exit with errors.

I have attached a patch that should solve this problem.
The rename() call is not blocked by the system() call and moreover if run-parts exits with a non-zero value, pam_syslog is used to log the error and help sysadmins to find rapidly the problem.
Within the patch, the rename() call is always executed, even if run-parts fails totally and /var/run/motd.new is not created.
In this case, the rename() call doesn't perform the renaming and returns a non-zero value (but we are not interested in it).

Thanks,
Yusef

Tags:

Revision history for this message

Yusef Maali (usef) wrote on 2010-10-16:

pam_motd.patch Edit (1.8 KiB, text/plain)

Revision history for this message

Steve Langasek (vorlon) wrote on 2010-10-16:

Thank you for taking the time to report this issue and help to improve Ubuntu.

This is not a bug, this behavior is by design. We don't want to copy over an incomplete or broken motd in the event that one or more scripts have failed. The correct fix is to solve whatever is causing the non-zero exit of run-parts on your system.

Changed in pam (Ubuntu):
status:	New → Invalid

Revision history for this message

Dustin Kirkland  (kirkland) wrote on 2010-10-18:

Sounds to me like it's the cpu-checks. Subscribing Kees for his comment, to make sure this behavior is by design, too...

Revision history for this message

Yusef Maali (usef) wrote on 2010-10-20:

Hi Steve,

if this behavior is by design, I will anyway suggest to log the error somewhere (syslog?).
I have had lost a lot of time figuring out what the matter was.
If pam_motd had has logged the error, I would have solved the issue in a fraction of time.

Dustin, it isn't cpu-checks related.
During the upgrade I lost the update-notifier-common package and, with it, a lot of scripts (included the cpu-checks script).

Thanks you all for your great work on Ubuntu!
Yusef

Revision history for this message

Steve Langasek (vorlon) wrote on 2010-11-09:

agreed, it does make sense for pam_motd to log something in this case.

Changed in pam (Ubuntu):
importance:	Undecided → Low
status:	Invalid → Triaged

Brian Murray (brian-murray) on 2010-11-10

tags:

added: patch

Steve Langasek (vorlon) on 2011-06-12

tags:

added: bitesize
removed: patch

Steve Langasek (vorlon) on 2011-10-30

summary:

- pam_motd doesn't rename /var/run/motd.new if run-parts exits with errors
+ pam_motd should log the error when run-parts fails

Revision history for this message

compdoc (compdoc-h) wrote on 2012-05-22:

This problem occurs in 12.04.

Deleting /etc/update-motd.d/20-cpu-checker fixes the problem.

Do I understand correctly that cpu checking will no longer be done?

Revision history for this message

Steve Langasek (vorlon) wrote on 2012-05-22: Re: [Bug 661654] Re: pam_motd should log the error when run-parts fails

On Tue, May 22, 2012 at 12:52:19AM -0000, compdoc wrote:
> This problem occurs in 12.04.

> Deleting /etc/update-motd.d/20-cpu-checker fixes the problem.

That file is not part of 12.04. It was in update-notifier-common prior to
natty, but the package takes care of removing it on upgrade.

> Do I understand correctly that cpu checking will no longer be done?

There's no longer anything to be checked.

Revision history for this message

Edwin Grubbs (edwin-grubbs) wrote on 2013-02-14:

This broke for me because /etc/update-motd.d/50-landscape-sysinfo which calls /usr/bin/landscape-sysinfo has an ImportError that is caught silently.

The ImportError is caused by a weird bug with python namespaces, which occurs because I have python-zope.cachedescriptors installed in addition to python-zope.interface.

https://bugs.launchpad.net/ubuntu/+source/zope.interface/+bug/688335

You can fix this error by removing /usr/lib/python2.7/dist-packages/zope/__init__.py