Error Opening /var/log/faillog For Read
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Unix & Linux Questions Tags Users Badges Unanswered Ask Question _ Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top kcheckpass error opening /var/log/faillog up vote 0 down vote favorite I am seeing the following errors: $ journalctl -b -p3 -- Logs begin at Mon 2016-05-16 21:40:56 EDT, end at Wed 2016-07-27 22:30:13 EDT. -- Jul 27 22:22:26 x99 kcheckpass[5682]: pam_tally(kde:auth): Error opening /var/log/faillog for update Jul 27 22:22:26 x99 kcheckpass[5682]: pam_tally(kde:auth): Error opening /var/log/faillog for read Jul 27 22:22:26 x99 kcheckpass[5682]: pam_tally(kde:auth): Error opening /var/log/faillog for update Jul 27 22:22:26 x99 kcheckpass[5682]: pam_tally(kde:auth): Error opening /var/log/faillog for read Jul 27 22:22:26 x99 kcheckpass[5682]: pam_tally(kde:setcred): Error opening /var/log/faillog for update Jul 27 22:22:26 x99 kcheckpass[5682]: pam_tally(kde:setcred): Error opening /var/log/faillog for update The man page for kcheckpass says: kcheckpass - KDE's authentication program Any program, such as a screensaver with a lock option, that needs to authenticate a user, can use kcheckpass. kcheckpass is a simple setuid program that returns 0 if the user has been authenticated, and 1 if not. Other programs that need user authentication can use kcheckpass witout having setuid status, thus simplifying programs and enhancing system security. SECURITY kcheckpass must be setuid on systems that use shadow passwords. I understand that the setuid permission bit tells Linux to run a program with the effective user id of the owner instead of the executor. However, I do not understand how to implement the solution in this case. What exactly do I need to do? Here are the existing permissions on /var/log/faillog $ ls -la /var/log/faillog -rw-------
Ask Your Question 0 i3lock: Error opening /var/log/faillog for update/read [closed] i3lock pam systemd asked 2012-11-15 11:05:32 +0000 Chris 3 ●2 ●2 ●4 This is on an Arch with systemd; when successfully unlocking the screen from i3lock, two error lines get added to the systemd journal:
... pam_tally(i3lock:auth): Error opening /var/log/faillog for update
... pam_tally(i3lock:auth): Error opening /var/log/faillog for read
(no other harmful effects as far as http://unix.stackexchange.com/questions/302381/kcheckpass-error-opening-var-log-faillog/302960 I can tell) A bit surprising, for a failed unlock attempt (e.g. wrong password), the correct and expected log entry is added:
... pam_unix(i3lock:auth): authentication failure; logname= uid=xxx euid=yyy tty= ruser= rhost= user=name ...etc.etc.
... and there are no other errors. Is this a pam config related issue or something with http://faq.i3wm.org/question/753/i3lock-error-opening-varlogfaillog-for-updateread/ i3lock ? Thanks. edit retag flag offensive reopen merge delete Closed for the following reason question is off-topic or not relevant by Michael close date 2012-11-15 11:10:49.413872 CommentsThe FAQ is not a bugtracker, for that use bugs.i3wm.org. Also, the error is from pam_tally, which has nothing to do with i3lock itself. Please ask at the arch forums/community.Michael( 2012-11-15 11:10:37 +0000 )editFor whoever finds this, it is now fixed: "FS#31544 - [i3lock] can't write to /var/log/faillog" ( https://bugs.archlinux.org/task/31544 ). It was an Arch/Pam config issue.Chris( 2013-01-31 07:37:38 +0000 )editadd a comment Question Tools Follow subscribe to rss feed Stats Asked: 2012-11-15 11:05:32 +0000 Seen: 3,583 times Last updated: Nov 15 '12 Related questions Customize the i3lock unlock-indicator i3lock issue i3lock: how to disable redraw? i3lock customize used text i3lock with gifs lockscreen after closing my laptop i3lock hook How to prevent sleep on laptop lid close? lid button and problems/crash on resume xautolock
Sign in Pricing Blog Support Search GitHub This repository Watch 8 Star 17 Fork 7 lahwaacz/sxlock Code Issues 3 Pull https://github.com/lahwaacz/sxlock/issues/6 requests 2 Projects 0 Pulse Graphs New issue Error opening /var/log/faillog for update #6 Closed orschiro opened this Issue Mar 19, 2014 · 1 comment Projects None yet http://www.linuxquestions.org/questions/linux-security-4/pam_tally-so-not-playing-nice-with-gnome-screensaver-565113/ Labels bug Milestone No milestone Assignees lahwaacz 2 participants orschiro commented Mar 19, 2014 I just noticed that sxlock tries to write to /var/log/faillog error opening but fails: ~ journalctl -b _PID=5509 -- Logs begin at Mi 2013-12-04 22:23:53 CET, end at Mi 2014-03-19 12:37:35 CET. -- Mär 19 10:28:03 thinkpad sxlock[5509]: Warning: no primary output detected, falling back to LVDS1. Mär 19 12:11:28 thinkpad sxlock[5509]: pam_tally(login:auth): Error opening /var/log/faillog for update Mär 19 12:11:28 thinkpad sxlock[5509]: pam_tally(login:auth): Error opening /var/log/faillog for error opening /var/log/faillog read Is this because I am running it as normal user? Any workaround for this or can it be safely ignored? Owner lahwaacz commented Mar 24, 2014 It seems that I have been using the wrong pam file all along, this issue was reported and fixed last year for i3lock: FS#31544. Unfortunately I did not notice it when sxlock was being created (I was using i3lock back then)... Thanks for reporting. lahwaacz added a commit that closed this issue Mar 24, 2014 lahwaacz #6 58c7e06 lahwaacz closed this in 58c7e06 Mar 24, 2014 lahwaacz added the bug label Mar 24, 2014 lahwaacz self-assigned this Mar 24, 2014 Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Tutorials/Articles Search HCL Search Reviews Search ISOs Go to Page... LinuxQuestions.org > Forums > Linux Forums > Linux - Security pam_tally.so not playing nice with gnome-screensaver?? User Name Remember Me? Password Linux - Security This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here. Notices Welcome to LinuxQuestions.org, a friendly and active Linux Community. You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today! Note that registered members see fewer ads, and ContentLink is completely disabled once you log in. Are you new to LinuxQuestions.org? Visit the following links: Site Howto | Site FAQ | Sitemap | Register Now If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here. Having a problem logging in? Please visit this page to clear all LQ-related cookies. Introduction to Linux - A Hands on Guide This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter. For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own. Click Here to receive this Complete Guide absolutely free. Search this Thread 06-28-2007, 09:50 AM #1 ricky_ds Member Registered: Aug 2004 Location: Bern, Switzerland Distribution: Kubuntu, FC, RHEL Posts: 48 Blog Entries: 2 Rep: pam_tally.so not playing nice with gnome-screensaver?? Hello all, I've configured pam on our new RHEL5 and found out that everything works as expected, except with the gnome-screensaver. I've then configured /etc/pam.d/gnome-screensaver separately to find out why. Here's the file: Code: #%PAM-1.0 # Fedora Core #auth include system-auth auth required pam_env.so auth required pam_tally.so onerr=succeed auth sufficient pam_unix.so nullok try_first_pass likeauth auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny