Public bug reported: Ubuntu release ==============
Description: Ubuntu 16.04.1 LTS Release: 16.04 Package version =============== According to `apt-file search /etc/pam.d/chsh`, package `passwd` owns that file. passwd: Installed: 1:4.2-3.1ubuntu5 Candidate: 1:4.2-3.1ubuntu5 Version table: *** 1:4.2-3.1ubuntu5 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status What you expected to happen =========================== The following should mess up root's default shell and then fix it to use `bash`: sudo chsh -s /bin/nonexistent sudo chsh -s /bin/bash What happened instead ===================== PAM blocks what should be a simple fix: $ sudo chsh -s /bin/nonexistent chsh: Warning: /bin/nonexistent does not exist $ sudo chsh -s /bin/bash Password: chsh: PAM: Authentication failure Note especially that the password prompt above isn't the standard `sudo` password prompt. `sudo` has already been recently given a password, so it didn't ask again. $ SHELL=/bin/bash sudo --shell # chsh -s /bin/bash Password: chsh: PAM: Authentication failure This happens even though the `root` account is disabled and thus has no password. Even setting a password for `root` and using that password doesn't work, so it's apparently not asking for the `root` password. Workaround ========== 1. Edit `/etc/pam.d/chsh` 2. Comment out the line `auth required pam_shells.so` 3. Run `sudo chsh -s /bin/bash` 4. Edit `/etc/pam.d/chsh` 5. Uncomment the line `auth required pam_shells.so` ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: passwd 1:4.2-3.1ubuntu5 ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24 Uname: Linux 4.4.0-47-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: Unity Date: Fri Nov 11 14:42:57 2016 DistributionChannelDescriptor: # This is a distribution channel descriptor # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor canonical-oem-somerville-xenial-amd64-20160624-2 EcryptfsInUse: Yes InstallationDate: Installed on 2016-11-01 (10 days ago) InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47 SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: shadow (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1641213 Title: PAM blocks fixing `chsh`ing root to a nonexistent shell Status in shadow package in Ubuntu: New Bug description: Ubuntu release ============== Description: Ubuntu 16.04.1 LTS Release: 16.04 Package version =============== According to `apt-file search /etc/pam.d/chsh`, package `passwd` owns that file. passwd: Installed: 1:4.2-3.1ubuntu5 Candidate: 1:4.2-3.1ubuntu5 Version table: *** 1:4.2-3.1ubuntu5 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status What you expected to happen =========================== The following should mess up root's default shell and then fix it to use `bash`: sudo chsh -s /bin/nonexistent sudo chsh -s /bin/bash What happened instead ===================== PAM blocks what should be a simple fix: $ sudo chsh -s /bin/nonexistent chsh: Warning: /bin/nonexistent does not exist $ sudo chsh -s /bin/bash Password: chsh: PAM: Authentication failure Note especially that the password prompt above isn't the standard `sudo` password prompt. `sudo` has already been recently given a password, so it didn't ask again. $ SHELL=/bin/bash sudo --shell # chsh -s /bin/bash Password: chsh: PAM: Authentication failure This happens even though the `root` account is disabled and thus has no password. Even setting a password for `root` and using that password doesn't work, so it's apparently not asking for the `root` password. Workaround ========== 1. Edit `/etc/pam.d/chsh` 2. Comment out the line `auth required pam_shells.so` 3. Run `sudo chsh -s /bin/bash` 4. Edit `/etc/pam.d/chsh` 5. Uncomment the line `auth required pam_shells.so` ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: passwd 1:4.2-3.1ubuntu5 ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24 Uname: Linux 4.4.0-47-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: Unity Date: Fri Nov 11 14:42:57 2016 DistributionChannelDescriptor: # This is a distribution channel descriptor # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor canonical-oem-somerville-xenial-amd64-20160624-2 EcryptfsInUse: Yes InstallationDate: Installed on 2016-11-01 (10 days ago) InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47 SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1641213/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
