** Changed in: pam (Ubuntu Focal)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor private home directories
To manag
This bug was fixed in the package pam - 1.4.0-11ubuntu2.5
---
pam (1.4.0-11ubuntu2.5) jammy; urgency=medium
* Honor private home directory permissions (LP: #1957024)
-- Ponnuvel Palaniyappan Sun, 17 Nov 2024
10:17:22 +
** Changed in: pam (Ubuntu Jammy)
Status: Fix Co
After a couple restarts, there are still two tests failing:
autopkgtest for nginx/1.18.0-6ubuntu14.5 for s390x
autopkgtest for postgresql-14/14.15-0ubuntu0.22.04.1 for amd64
Both are due to timeouts in test infra and not related to the change here:
```
4656s DEBUG (session:936) GET call to compute
It is great to hear pam_mkhomedir now uses /etc/login.defs. That is
certainly better than modifying the pam configuration.
I was curious when this happened and found this commit on 2021-03-05.
The commit message does not indicate any specific motivation for why the
change was made.
https://githu
Hello there,
Can we move 1.4.0-11ubuntu2.5 to jammy-updates now? Thanks.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor private home directories
To manag
Thanks, Andreas, for the quick response. Indeed it makes sense to wait
until after the new year when everyone's back.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does
> So I think this failure can be ignored. Can this be moved to -updates?
Indeed it shows green now, but we don't do releases to updates during
the end of year break, due to reduced availability of team members in
the case there is an urgent regression that needs fixing. And this
particularly appli
s390 tests has fails on Jammy without this change. See 'migration-
reference/0': https://autopkgtest.ubuntu.com/packages/a/at/jammy/s390x
Also fails for a 'hello' package.
So I think this failure can be ignored. Can this be moved to -updates?
Thanks,
Ponnuvel
--
You received this bug notificat
Hello Ponnuvel,
thanks for your regression analysis in comment
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/comments/22
I do, however, agree with vorlon in
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/comments/21
and think there is more risk in this change for Focal us
The s390 regression doesn't seem to be related to this change.
https://objectstorage.prodstack5.canonical.com/swift/v1/AUTH_0f9aae918d5b4744bf7b827671c86842/autopkgtest-jammy/jammy/s390x/a/at/20241213_232003_396cf@/log.gz
```
692s job 1 at Fri Dec 13 23:21:00 2024
692s + sleep 2
694s OK, at.9321 d
There are DEP8 errors[1] related to this SRU, please investigate:
Regression in autopkgtest for at (s390x): test log
Regression in autopkgtest for dovecot (s390x): test log
Regression in autopkgtest for kopanocore (ppc64el): test log
Regression in autopkgtest for samba (amd64): test log
1. https
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor private home directories
To manage no
SRU verification for Jammy.
## Current pam package shows permission 0755 for home dir
root@pon-jammy:~# dpkg -l | grep pam
ii libpam-cap:amd641:2.44-1ubuntu0.22.04.1
amd64POSIX 1003.1e capabilities (PAM module)
ii libpam-modules:amd641.4.0-1
Hello Alex, or anyone else affected,
Accepted pam into jammy-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.5
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubun
Hi Steve,
I don't disagree that there's an element of risk as noted in the SRU
description and that this is definitely changing the existing behaviour.
But my opinion is that the impacted set of users are going to be few if at all:
- those that create homedirs using pam *and*
- those that rely o
If this bug only applies to jammy and earlier, I question from an SRU
policy perspective if this is a behavior change we want to introduce
into 2+-year-old stable releases. It may be more correct but it may
also be unexpected on existing systems.
--
You received this bug notification because you
Thanks Alex for reverting!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor private home directories
To manage notifications about this bug go to:
https://b
I have marked the it 'Fix released' for Noble+ and attached for Focal
and Jammy (attached on 2024-11-19).
** Patch added: "focal-debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/+attachment/5838904/+files/focal-debdiff.patch
--
You received this bug notification beca
** Changed in: pam (Ubuntu Noble)
Status: In Progress => Fix Released
** Also affects: pam (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: pam (Ubuntu Oracular)
Importance: Undecided
Status: New
** Also affects: pam (Ubuntu Plucky)
Importance: Unde
Debdiff for Jammy.
** Patch added: "jammy-debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/+attachment/5838509/+files/jammy-debdiff.patch
** Patch removed: "jammy-debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/+attachment/5837780/+files/
Thanks for the detailed analysis @pponnuvel - I have reverted this now
for pam in plucky in 1.5.3-7ubuntu4
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor p
Testing further, the newer versions of pam_mkhomedir module honours
the umask set in /etc/login.defs. So this has already been made consistent
across tools (useradd & so on). So the problem only exists in Jammy & older
Ubuntu releases.
pam_mkhomedir
The relevant part in /etc/login.defs (from Nob
** Changed in: pam (Ubuntu Jammy)
Status: New => In Progress
** Changed in: pam (Ubuntu Noble)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
** Changed in: pam (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor private home directories
To manage n
Debdiff for Noble.
** Patch added: "noble-debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/+attachment/5838508/+files/noble-debdiff.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launch
Attaching debdiff for Noble.
** Patch added: "noble-debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/+attachment/5837779/+files/noble-debdiff.patch
** Also affects: pam (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: pam (Ubuntu Noble)
Attaching debdiff for Jammy.
** Patch added: "jammy-debdiff.patch"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/+attachment/5837780/+files/jammy-debdiff.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://b
** Description changed:
- As reported in https://discourse.ubuntu.com/t/private-home-directories-
- for-ubuntu-21-04-onwards/19533/13:
+ [Impact]
A common situation is to have a central set of users (e.g. in LDAP) and
use pam_mkhomedir.so to create the home directory when the user first
l
The risk of immediate regression is low since this is only used for new
user accounts - but since the change is to a conffile there is always a
bit more risk due to interactions with dpkg etc. But that would be a
discussion to have with the SRU team.
--
You received this bug notification because
Thanks, Alex!
Do you think this could be backported (SRU'ed) existing releases (Noble,
and Jammy at least) once merged into Plucky or not recommend? It depends
on the risk factor as well as whether you think this is a feature or
bug.
--
You received this bug notification because you are a member
@pponnuvel - I am in the middle of uploading this for plucky :)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor private home directories
To manage notifica
@Ubuntu-sponsors, any update on this? I can see Plucky Puffin is now
open for development. So I am hoping we can make some progress on this
now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
T
Now that Oracular is out, I am re-subscribing Ubuntu Sponsors.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor private home directories
To manage notificat
@Vladmir, Thanks for looking into this. I agree this is a change in
behaviour and it's late in the cycle for Oracular. I'll hold this one
off until Oracular is out, and will re-subscribe next month. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is su
I have checked with Security Team and they advice that it is a bit late
in the cycle to make a significant change in the behaviour. Would it be
possible to obtain Feature Freeze Exception[1] for the issue if you
would like it to be included in Oracular, or resubscribe Sponsors early
in the next rel
Attaching the patch from #2 as a debdiff.
** Patch added: "private_home.debdiff"
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1957024/+attachment/5812180/+files/private_home.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ub
** Changed in: pam (Ubuntu)
Status: Confirmed => In Progress
** Changed in: pam (Ubuntu)
Assignee: (unassigned) => Ponnuvel Palaniyappan (pponnuvel)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: pam (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mk
Here is a demonstration as requested in Discourse. These steps were run
on a stock image of Ubuntu Impish taken from https://cloud-
images.ubuntu.com/impish/current/.
Showing the inconsistent behavior of the default settings if the goal is
private home directories. Both adduser and useradd creat
39 matches
Mail list logo
