Open DirkHaar opened 7 years ago
Same problem here. These are the last lines in auth.log Apr 29 06:25:26 Lenovo-G460 unix_chkpwd[18540]: check pass; user unknown Apr 29 06:25:33 Lenovo-G460 unix_chkpwd[18544]: check pass; user unknown Apr 29 06:25:33 Lenovo-G460 unix_chkpwd[18544]: password check failed for user (yan) Apr 29 06:25:33 Lenovo-G460 cinnamon-screensaver-pam-helper: pam_unix(cinnamon-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0 ruser= rhost= user=yan Apr 29 06:25:35 Lenovo-G460 unix_chkpwd[18546]: check pass; user unknown Apr 29 06:26:08 Lenovo-G460 cinnamon-screensaver-pam-helper: pam_unix(cinnamon-screensaver:auth): conversation failed
Bumped into this (unix_chkpwd: check pass; user unknown
) today with cinnamon-screensaver
version 2.2.4
after enabling ecryptfs
for encrypting /home/<user>/
.
The issue seems to be with the permission of /sbin/unix_chkpwd
, where the cinnamon-screensaver
process owner does not have sufficient privilege to perform necessary privileged operation with /sbin/unix_chkpwd
needing EUID to be 0, regardless of the fact that it is world executable (read the source to find out the actual function asked). The default permission of /sbin/unix_chkpwd
is -rwxr-sr-x
with owner:group
being root:shadow
.
Make the binary SUID-root:
chmod u+s /sbin/unix_chkpwd
Needless to say, this might bite you in the tail if the binary has any insecure code. Again, this should be a temporary workaround at most. And read the source.
@heemayl I love you
@heemayl : That worked for me, screensaver unlocks now. Much appreciated.
Cinnamon 5.2.7
Linux 5.15.0-56-generic #62~20.04.1-Ubuntu SMP
Linux Mint 20.3 Una
Still present in
Cinnamon 5.8.4
cinnamon-screensaver 5.8.1
Linux 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
Debian GNU/Linux trixie/sid
The fix by @heemayl worked like a charm.
After upgrading LM Cinnamon 18.1 simply by installing it over V18 unlocking the screen saver or manual screenlock dosn't work at all. No matter what password I use, unlocking is denied with wrong password, even abcdefgh or 12345678 and empty passwords, too. Only one (German) keyboard layout is installed, which is identical to the English one at least for any password I tried with 18.1. Useless to say that the "wrong" password is used to login, and even using it in a terminal via CTRL-ALT-F1 for "killall cinnamon-screensaver" does work. Killing the pw, restart, set one and restart and so one was heavily tested, with no success. While there are lots of issues around cinnamon-screensaver I haven't found this one on 18.1, and in the meantime I don't think it depends on my update itself but is a bug. Does anyone have an idea?
I'm not shure (as not experienced in python), but could it be an error in unlock.py at "on_unlock_clicked" ? Does "-1:" really get the last two bytes of 'text' - and does password matching really work?