Public bug reported:

Ubuntu release
==============
Description:    Ubuntu 16.04.1 LTS
Release:        16.04

Package version
===============

According to `apt-file search /etc/pam.d/chsh`, package `passwd` owns
that file.

passwd:
  Installed: 1:4.2-3.1ubuntu5
  Candidate: 1:4.2-3.1ubuntu5
  Version table:
 *** 1:4.2-3.1ubuntu5 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status

What you expected to happen
===========================

The following should mess up root's default shell and then fix it to use
`bash`:

    sudo chsh -s /bin/nonexistent
    sudo chsh -s /bin/bash

What happened instead
=====================

PAM blocks what should be a simple fix:

    $ sudo chsh -s /bin/nonexistent
    chsh: Warning: /bin/nonexistent does not exist
    $ sudo chsh -s /bin/bash
    Password:
    chsh: PAM: Authentication failure

Note especially that the password prompt above isn't the standard `sudo`
password prompt. `sudo` has already been recently given a password, so
it didn't ask again.

    $ SHELL=/bin/bash sudo --shell
    # chsh -s /bin/bash
    Password:
    chsh: PAM: Authentication failure

This happens even though the `root` account is disabled and thus has no
password. Even setting a password for `root` and using that password
doesn't work, so it's apparently not asking for the `root` password.

Workaround
==========

1. Edit `/etc/pam.d/chsh`
2. Comment out the line `auth       required   pam_shells.so`
3. Run `sudo chsh -s /bin/bash`
4. Edit `/etc/pam.d/chsh`
5. Uncomment the line `auth       required   pam_shells.so`

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: passwd 1:4.2-3.1ubuntu5
ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
Uname: Linux 4.4.0-47-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Nov 11 14:42:57 2016
DistributionChannelDescriptor:
 # This is a distribution channel descriptor
 # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
 canonical-oem-somerville-xenial-amd64-20160624-2
EcryptfsInUse: Yes
InstallationDate: Installed on 2016-11-01 (10 days ago)
InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 
20160624-10:47
SourcePackage: shadow
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: shadow (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1641213

Title:
  PAM blocks fixing `chsh`ing root to a nonexistent shell

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1641213/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to