Hi Russ! Am 02.12.2017 um 19:41 schrieb Russ Allbery: > Package: systemd > Version: 235-3 > Severity: normal > > Since upgrading a system to 235-3, all ssh connections are producing the > following syslog errors: > > Dec 2 06:28:23 lothlorien systemd: PAM unable to dlopen(pam_unix.so): > /lib/security/pam_unix.so: cannot open shared object file: No such file or > directory > Dec 2 06:28:23 lothlorien systemd: PAM adding faulty module: pam_unix.so > Dec 2 06:28:23 lothlorien sshd[20758]: pam_systemd(sshd:session): Failed to > create session: Start job for unit user@999.service failed with 'failed' > Dec 2 06:28:23 lothlorien systemd[20760]: PAM failed: Authentication failure > Dec 2 06:28:23 lothlorien systemd[20760]: user@999.service: Failed to set up > PAM session: Operation not permitted > Dec 2 06:28:23 lothlorien systemd[20760]: user@999.service: Failed at step > PAM spawning /lib/systemd/systemd: Operation not permitted > Dec 2 06:28:23 lothlorien systemd[1]: user@999.service: Failed with result > 'protocol'. > Dec 2 06:28:23 lothlorien systemd[1]: Failed to start User Manager for UID > 999. > > I'm fairly confused by this, and I'm not sure whether to blame systemd or > libpam or some other component. Obviously, the problem is that for some > reason it's trying to load /lib/security/pam_unix.so instead of the correct > multiarch path of /lib/x86_64-linux-gnu/security/pam_unix.so (which does > exist), but I have no idea why on earth it's doing that, or why this would > have changed with the upgrade. > > The ssh connection does successfully continue, but I suspect that's because > I'm not relying on anything provided by the user session at the moment. > > Everything else about PAM on this system is working fine; only systemd's > user.service seems to be having problems.
systemd-logind.service was locked down further in v235. A diff of systemd-logind.service shows: +LockPersonality=yes +IPAddressDeny=any I'm not entirely sure if that is related, but you might try commenting those two lines out in /lib/systemd/system/systemd-logind.service and see if that makes a difference. Regards, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
