group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1762391@xxxxxxxxxxxxxxxxxx>
Date: Thu, 23 Jan 2020 16:26:02 -0000
Reply-to: Bug 1762391 <1762391@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package systemd - 244.1-0ubuntu2

---------------
systemd (244.1-0ubuntu2) focal; urgency=medium

  [ Dimitri John Ledkov ]
  * shutdown: do not detach autoclear loopback devices
    Author: Dimitri John Ledkov
    File: debian/patches/shutdown-do-not-detach-autoclear-loopback-devices.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3978d34b59e98cdd01836c41a10442967636b8fc

  [ Balint Reczey ]
  * Revert upstream commit breaking IPv4 DHCP in LXC containers in 244.1
    (LP: #1857123)
    File: debian/patches/Revert-network-if-sys-is-rw-then-udev-should-be-around.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=39c12f8e736afd1b7bdeb13ff6bccaea85020873

systemd (244.1-0ubuntu1) focal; urgency=medium

  * New upstream version 244.1
    - network: set ipv6 mtu after link-up or device mtu change (LP: #1671951)
    - & other changes
  * Refresh patches.
    - Dropped changes:
      * d/p/lp-1853852-*: fix issues with muliplexed shmat calls (LP: #1853852)
        Files:
        - debian/patches/lp-1853852-seccomp-fix-multiplexed-system-calls.patch
        - debian/patches/lp-1853852-seccomp-mmap-test-results-depend-on-kernel-libseccom.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=382271662c60c339b0a404c7a1772fe5670516ef
      * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
        set ipv6 mtu at correct time
  * pstore: Don't start systemd-pstore.service in containers.
    Usually it is not useful and can also fail making
    boot-and-services autopkgtest fail. (LP: #1856729)
    File: debian/patches/pstore-Don-t-start-systemd-pstore.service-in-containers.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=28b5a03769cbed9d3170ebac38508b867530a2d6
  * Revert: network: do not drop foreign config if interface is in initialized state.
    This fixes FTBFS with the other network-related reverts.
    File: debian/patches/Revert-network-do-not-drop-foreign-config-if-interface-is.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=22a9fa3bb03ba2a629926af39ea7df81fe33c9b8

systemd (244-3ubuntu5) focal; urgency=medium

  [ Dariusz Gadomski ]
  * d/p/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch,
    d/p/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch,
    d/p/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
    d/p/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch,
    d/p/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch,
    d/p/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
    - Restore call to pam_setcred (LP: #1762391)

  [ Dan Streetman ]
  * d/t/storage: without scsi_debug, skip test (LP: #1847816)

systemd (244-3ubuntu4) focal; urgency=medium

  * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
    set ipv6 mtu at correct time (LP: #1671951)
  * d/p/0001-network-rename-linux_configure_after_setting_mtu-to-linux.patch,
    d/p/0002-network-add-link-setting_genmode-flag.patch,
    d/p/0003-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch,
    d/p/0004-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch:
    - drop foreign config and raise interface after setting genmode
      (LP: #1845909)

systemd (244-3ubuntu3) focal; urgency=medium

  * shutdown: cherry-pick PR#14409 to fix detach of loopback devices
    for Ubuntu Core 20
    File: debian/patches/shutdown-modernizations-pr-14409.patch
    https://github.com/systemd/systemd/pull/14409.diff

systemd (244-3ubuntu2) focal; urgency=medium

  * d/p/debian/UBUNTU-Support-system-image-read-only-etc.patch:
    - re-add missing bits for timedated.c (LP: #1778936)

 -- Balint Reczey <rbalint@xxxxxxxxxx>  Wed, 22 Jan 2020 16:27:49 +0100

** Changed in: systemd (Ubuntu Focal)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1762391

Title:
  pam_group.so is not evaluated by gnome-terminal

Status in systemd:
  New
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  New
Status in systemd source package in Bionic:
  In Progress
Status in systemd source package in Cosmic:
  Won't Fix
Status in systemd source package in Eoan:
  In Progress
Status in systemd source package in Focal:
  Fix Released

Bug description:
  [Impact]

  pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that
  processes were never getting group membership they were expected to get via pam_group module.

  [Test Case]

   * Add a /etc/security/group.conf entry, e.g.
     *;*;*;Al0000-2400;dialout,users
   * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth
   * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus).

  Expected result:
  Logged in user is a member of 'dialout' and 'users' groups.

  Actual result:
  no group membership gained from pam_group.

  [Regression Potential]

   * It introduces a new PAM warning message in some scenarios (e.g. for
  systemd DynamicUser=1 units) for users that can't authenticate
  (pam_setcred fails in such case).

   * In certain systems user group membership may be extended by
  pam_group.

  [Other Info]
  Original bug description:

  We are using Ubuntu in a university network with lots of ldap users.
  To automatically map ldap users/groups to local groups we are using
  pam_group.so. This has worked for years.

  With the upgrade from Xenial to Bionic /etc/security/group.conf is not
  evaluated anymore by gnome-terminal as it runs as systemd --user.
  Xterm, ssh, su, and tty* however do work as expected. Only the default
  gnome-terminal behaves different.

  According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243
  and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this
  might not be a bug, but a feature.

  Nevertheless this behavior is very unexpected when upgrading from
  Xenial to Bionic and therefore should at least added to the changelog.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: gnome-terminal 3.28.0-1ubuntu1
  ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3
  Uname: Linux 4.15.0-10-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.9-0ubuntu4
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Apr  9 13:17:52 2018
  InstallationDate: Installed on 2018-03-29 (11 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321)
  SourcePackage: gnome-terminal
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions