Description of problem: pam_exec.so now fails to execute a shell. Version-Release number of selected component: Current versions from fedora repos: pam-1.1.4-4.fc15.x86_64 util-linux-2.19.1-1.4.fc15.x86_64 kernel 2.6.40.4-5.fc15.x86_64 Steps to Reproduce: 1. Add to /etc/pam.d/login a) `session optional pam_exec.so debug log=/tmp/pam.log /root/test.sh` or b) `session optional pam_exec.so debug log=/tmp/pam.log /bin/bash -c "sleep 5"` 2. Login with any user. Observe an error like following: a) localhost.localdomain login: test Password: /root/test.sh failed: exit code 13 b) localhost.localdomain login: test Password: /bin/bash failed: exit code 1
I do not think this is a real regression or even a bug at all. In case of the /root/test.sh either you do not have the file with executable permission or even if you do SELinux will prevent login from executing scripts from /root/ directory. The script should be placed in some place where executables should be held. Perhaps /usr/local/bin would be appropriate for you (and if you move the script from /root, do not forget to call restorecon on it). In case of the /bin/bash -c "sleep 5" - this never worked, the line should be: session optional pam_exec.so debug log=/tmp/pam.log /bin/bash -c [sleep 5] The " have to be replaced with [] as this is the marker for merging multiple space separated words into a single argument in the PAM configuration file.
You are right, it was SELinux related. Maybe I've missed sealert notifications, sorry. Thanks.