Bug 679517 - authconfig does not rewrite pam configuration files to adjust to systemd
Summary: authconfig does not rewrite pam configuration files to adjust to systemd
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lennart Poettering
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-02-22 19:17 UTC by Michal Jaegermann
Modified: 2011-03-12 04:42 UTC (History)
7 users (show)

Fixed In Version: systemd-20-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-12 04:42:53 UTC


Attachments (Terms of Use)

Description Michal Jaegermann 2011-02-22 19:17:51 UTC
Description of problem:

After updates files in /etc/pam.d/ are left in an "old" state which does not take into account systemd.  These creates problems like those described in https://bugzilla.redhat.com/show_bug.cgi?id=655321#c11 and followup comments
(where after a run of "autoconf --update" the problem disaapear).

No idea what should be responsible for such rewrites but Lennart Poettering points finger at autconf. 

Version-Release number of selected component (if applicable):
autoconf-2.68-2.fc15

Additional info:
See also bug 679091 which seem to describe effects of a similar issue; only there this was apparently a new installation.

Comment 1 Karsten Hopp 2011-02-23 08:44:22 UTC
I'm quite certain that this isn't an autoconf bug. You probably meant authconfig ?
Reassigning the component according to https://bugzilla.redhat.com/show_bug.cgi?id=655321#c16

Comment 2 Tomas Mraz 2011-02-23 09:34:24 UTC
The authconfig --update should be probably issued in %post of the systemd package if it does not find the pam_systemd in the config files.

Comment 3 Lennart Poettering 2011-02-23 12:54:59 UTC
hmm, ok, I guess I can execute that.

something along the lines of:

grep pam_systemd /etc/pam/system-auth-ac >/dev/null 2>&1 || authconfig --update

Tomas, does that look good to you?

Comment 4 Tomas Mraz 2011-02-23 13:31:24 UTC
To be sure that pam_systemd is added the script should call authconfig --updateall as a second try as if the configuration is otherwise consistent the authconfig will not touch it with --update. It is highly probable that on a system that requires the run of authconfig to add the pam_systemd the configuration will be inconsistent anyway it will in most cases be sufficient but there might be cases where authconfig --update will not touch it.

Also authconfig should be called directly from /usr/sbin/ as it avoids the consolehelper step.

So here is my suggestion for the script:

if grep -q pam_systemd /etc/pam.d/system-auth-ac ; then
:
else
    /usr/sbin/authconfig --update >/dev/null 2>&1 || :
    grep -q pam_systemd /etc/pam.d/system-auth-ac || /usr/sbin/authconfig --updateall >/dev/null 2>&1 || :
fi

Comment 5 Lennart Poettering 2011-02-23 14:13:31 UTC
(In reply to comment #4)

Why not just use -v on the grep cmdline?

i.e.:

if grep -vq pam_systemd /etc/pam.d/system-auth-ac ; then
        /usr/sbin/authconfig --update >/dev/null 2>&1 || :
        grep -q pam_systemd /etc/pam.d/system-auth-ac || /usr/sbin/authconfig --updateall >/dev/null 2>&1 || :
fi

Comment 6 Tomas Mraz 2011-02-23 14:37:57 UTC
It would not work it does something else than (not grep -q) - it matches all lines that do not contain pam_systemd.

Comment 7 Petr Lautrbach 2011-02-23 14:39:13 UTC
...(In reply to comment #5)
> Why not just use -v on the grep cmdline?
> 
> i.e.:
> 
> if grep -vq pam_systemd /etc/pam.d/system-auth-ac ; then
>         /usr/sbin/authconfig --update >/dev/null 2>&1 || :
>         grep -q pam_systemd /etc/pam.d/system-auth-ac || /usr/sbin/authconfig
> --updateall >/dev/null 2>&1 || :
> fi

# grep -q pam_systemd /etc/pam.d/system-auth-ac; echo $?
0
# grep -vq pam_systemd /etc/pam.d/system-auth-ac; echo $?
0


You probably want
if ! grep -q pam_systemd /etc/pam.d/system-auth-ac ; then

Comment 8 Fedora Update System 2011-03-01 01:37:30 UTC
Package systemd-19-1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 updates-testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing systemd-19-1.fc15'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/systemd-19-1.fc15
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2011-03-01 06:49:08 UTC
systemd-19-1.fc15 has been pushed to the Fedora 15 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update systemd'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/systemd-19-1.fc15

Comment 10 Fedora Update System 2011-03-08 19:36:52 UTC
systemd-20-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/systemd-20-1.fc15

Comment 11 Fedora Update System 2011-03-12 04:42:30 UTC
systemd-20-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.