Ubuntu
shadow package

PAM blocks fixing `chsh`ing root to a nonexistent shell

Bug #1641213 reported by Chai T. Rex on 2016-11-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	shadow (Ubuntu)	New	Undecided	Unassigned

Bug Description

Ubuntu release
==============

Description: Ubuntu 16.04.1 LTS
Release: 16.04

Package version
===============

According to `apt-file search /etc/pam.d/chsh`, package `passwd` owns that file.

passwd:
  Installed: 1:4.2-3.1ubuntu5
  Candidate: 1:4.2-3.1ubuntu5
  Version table:
*** 1:4.2-3.1ubuntu5 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status

What you expected to happen
===========================

The following should mess up root's default shell and then fix it to use `bash`:

sudo chsh -s /bin/nonexistent
sudo chsh -s /bin/bash

What happened instead
=====================

PAM blocks what should be a simple fix:

    $ sudo chsh -s /bin/nonexistent
    chsh: Warning: /bin/nonexistent does not exist
    $ sudo chsh -s /bin/bash
    Password:
    chsh: PAM: Authentication failure

Note especially that the password prompt above isn't the standard `sudo` password prompt. `sudo` has already been recently given a password, so it didn't ask again.

    $ SHELL=/bin/bash sudo --shell
    # chsh -s /bin/bash
    Password:
    chsh: PAM: Authentication failure

This happens even though the `root` account is disabled and thus has no password. Even setting a password for `root` and using that password doesn't work, so it's apparently not asking for the `root` password.

Workaround
==========

1. Edit `/etc/pam.d/chsh`
2. Comment out the line `auth required pam_shells.so`
3. Run `sudo chsh -s /bin/bash`
4. Edit `/etc/pam.d/chsh`
5. Uncomment the line `auth required pam_shells.so`

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: passwd 1:4.2-3.1ubuntu5
ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
Uname: Linux 4.4.0-47-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Nov 11 14:42:57 2016
DistributionChannelDescriptor:
# This is a distribution channel descriptor
# For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
canonical-oem-somerville-xenial-amd64-20160624-2
EcryptfsInUse: Yes
InstallationDate: Installed on 2016-11-01 (10 days ago)
InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47
SourcePackage: shadow
UpgradeStatus: No upgrade log present (probably fresh install)

See original description

Tags:

Revision history for this message

Chai T. Rex (chaitrex) wrote on 2016-11-11:

Dependencies.txt Edit (1.3 KiB, text/plain; charset="utf-8")
JournalErrors.txt Edit (23.2 KiB, text/plain; charset="utf-8")
LoginDefs.txt Edit (10.3 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (112 bytes, text/plain; charset="utf-8")

Chai T. Rex (chaitrex) on 2016-11-11

description:	updated
description:	updated
description:	updated

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntushadow package