Red Hat Bugzilla – Bug 737906
pam_exec issues after 1.1.4 update
Last modified: 2011-09-14 03:13:43 EDT
Description of problem:
pam_exec.so now fails to execute a shell.
Version-Release number of selected component:
Current versions from fedora repos:
Steps to Reproduce:
1. Add to /etc/pam.d/login
a) `session optional pam_exec.so debug log=/tmp/pam.log /root/test.sh`
b) `session optional pam_exec.so debug log=/tmp/pam.log /bin/bash -c "sleep 5"`
2. Login with any user. Observe an error like following:
localhost.localdomain login: test
/root/test.sh failed: exit code 13
b) localhost.localdomain login: test
/bin/bash failed: exit code 1
I do not think this is a real regression or even a bug at all.
In case of the /root/test.sh either you do not have the file with executable permission or even if you do SELinux will prevent login from executing scripts from /root/ directory. The script should be placed in some place where executables should be held. Perhaps /usr/local/bin would be appropriate for you (and if you move the script from /root, do not forget to call restorecon on it).
In case of the /bin/bash -c "sleep 5" - this never worked, the line should be:
session optional pam_exec.so debug log=/tmp/pam.log /bin/bash -c [sleep 5]
The " have to be replaced with  as this is the marker for merging multiple space separated words into a single argument in the PAM configuration file.
You are right, it was SELinux related. Maybe I've missed sealert notifications, sorry.