** Description changed: Ubuntu release ============== Description: Ubuntu 16.04.1 LTS Release: 16.04 Package version =============== According to `apt-file search /etc/pam.d/chsh`, package `passwd` owns that file. passwd: - Installed: 1:4.2-3.1ubuntu5 - Candidate: 1:4.2-3.1ubuntu5 - Version table: - *** 1:4.2-3.1ubuntu5 500 - 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages - 100 /var/lib/dpkg/status + Installed: 1:4.2-3.1ubuntu5 + Candidate: 1:4.2-3.1ubuntu5 + Version table: + *** 1:4.2-3.1ubuntu5 500 + 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages + 100 /var/lib/dpkg/status What you expected to happen =========================== The following should mess up root's default shell and then fix it to use `bash`. - sudo chsh -s /bin/nonexistent - sudo chsh -s /bin/bash + sudo chsh -s /bin/nonexistent + sudo chsh -s /bin/bash What happened instead ===================== PAM blocks what should be a simple fix: - $ sudo chsh -s /bin/noexistent - chsh: Warning: /bin/noexistent does not exist - $ sudo chsh -s /bin/bash - Password: - chsh: PAM: Authentication failure + $ sudo chsh -s /bin/nonexistent + chsh: Warning: /bin/nonexistent does not exist + $ sudo chsh -s /bin/bash + Password: + chsh: PAM: Authentication failure Note especially that the password prompt above isn't the standard `sudo` password prompt. `sudo` has already been recently given a password, so it didn't ask again. - $ SHELL=/bin/bash sudo --shell - # chsh -s /bin/bash - Password: - chsh: PAM: Authentication failure + $ SHELL=/bin/bash sudo --shell + # chsh -s /bin/bash + Password: + chsh: PAM: Authentication failure This happens even though the `root` account is disabled and thus has no password. Even setting a password for `root` and using that password doesn't work, so it's apparently not asking for the `root` password. Workaround ========== 1. Edit `/etc/pam.d/chsh` 2. Comment out the line `auth required pam_shells.so` 3. Run `sudo chsh -s /bin/bash` 4. Edit `/etc/pam.d/chsh` 5. Uncomment the line `auth required pam_shells.so` ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: passwd 1:4.2-3.1ubuntu5 ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24 Uname: Linux 4.4.0-47-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: Unity Date: Fri Nov 11 14:42:57 2016 DistributionChannelDescriptor: - # This is a distribution channel descriptor - # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor - canonical-oem-somerville-xenial-amd64-20160624-2 + # This is a distribution channel descriptor + # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor + canonical-oem-somerville-xenial-amd64-20160624-2 EcryptfsInUse: Yes InstallationDate: Installed on 2016-11-01 (10 days ago) InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47 SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install)
** Description changed: Ubuntu release ============== Description: Ubuntu 16.04.1 LTS Release: 16.04 Package version =============== According to `apt-file search /etc/pam.d/chsh`, package `passwd` owns that file. passwd: Installed: 1:4.2-3.1ubuntu5 Candidate: 1:4.2-3.1ubuntu5 Version table: *** 1:4.2-3.1ubuntu5 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status What you expected to happen =========================== The following should mess up root's default shell and then fix it to use - `bash`. + `bash`: sudo chsh -s /bin/nonexistent sudo chsh -s /bin/bash What happened instead ===================== PAM blocks what should be a simple fix: - $ sudo chsh -s /bin/nonexistent - chsh: Warning: /bin/nonexistent does not exist + $ sudo chsh -s /bin/noexistent + chsh: Warning: /bin/noexistent does not exist $ sudo chsh -s /bin/bash Password: chsh: PAM: Authentication failure Note especially that the password prompt above isn't the standard `sudo` password prompt. `sudo` has already been recently given a password, so it didn't ask again. $ SHELL=/bin/bash sudo --shell # chsh -s /bin/bash Password: chsh: PAM: Authentication failure This happens even though the `root` account is disabled and thus has no password. Even setting a password for `root` and using that password doesn't work, so it's apparently not asking for the `root` password. Workaround ========== 1. Edit `/etc/pam.d/chsh` 2. Comment out the line `auth required pam_shells.so` 3. Run `sudo chsh -s /bin/bash` 4. Edit `/etc/pam.d/chsh` 5. Uncomment the line `auth required pam_shells.so` ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: passwd 1:4.2-3.1ubuntu5 ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24 Uname: Linux 4.4.0-47-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: Unity Date: Fri Nov 11 14:42:57 2016 DistributionChannelDescriptor: # This is a distribution channel descriptor # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor canonical-oem-somerville-xenial-amd64-20160624-2 EcryptfsInUse: Yes InstallationDate: Installed on 2016-11-01 (10 days ago) InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47 SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) ** Description changed: Ubuntu release ============== Description: Ubuntu 16.04.1 LTS Release: 16.04 Package version =============== According to `apt-file search /etc/pam.d/chsh`, package `passwd` owns that file. passwd: Installed: 1:4.2-3.1ubuntu5 Candidate: 1:4.2-3.1ubuntu5 Version table: *** 1:4.2-3.1ubuntu5 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status What you expected to happen =========================== The following should mess up root's default shell and then fix it to use `bash`: sudo chsh -s /bin/nonexistent sudo chsh -s /bin/bash What happened instead ===================== PAM blocks what should be a simple fix: - $ sudo chsh -s /bin/noexistent - chsh: Warning: /bin/noexistent does not exist + $ sudo chsh -s /bin/nonexistent + chsh: Warning: /bin/nonexistent does not exist $ sudo chsh -s /bin/bash Password: chsh: PAM: Authentication failure Note especially that the password prompt above isn't the standard `sudo` password prompt. `sudo` has already been recently given a password, so it didn't ask again. $ SHELL=/bin/bash sudo --shell # chsh -s /bin/bash Password: chsh: PAM: Authentication failure This happens even though the `root` account is disabled and thus has no password. Even setting a password for `root` and using that password doesn't work, so it's apparently not asking for the `root` password. Workaround ========== 1. Edit `/etc/pam.d/chsh` 2. Comment out the line `auth required pam_shells.so` 3. Run `sudo chsh -s /bin/bash` 4. Edit `/etc/pam.d/chsh` 5. Uncomment the line `auth required pam_shells.so` ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: passwd 1:4.2-3.1ubuntu5 ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24 Uname: Linux 4.4.0-47-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: Unity Date: Fri Nov 11 14:42:57 2016 DistributionChannelDescriptor: # This is a distribution channel descriptor # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor canonical-oem-somerville-xenial-amd64-20160624-2 EcryptfsInUse: Yes InstallationDate: Installed on 2016-11-01 (10 days ago) InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47 SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1641213 Title: PAM blocks fixing `chsh`ing root to a nonexistent shell To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1641213/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
