48872 2023-12-20 18:11:23 +0300 Не выполняется pam-group в K10, в K9 работает 2023-12-29 11:15:04 +0300 1 1 4 Development Sisyphus pam-config unstable x86_64 Linux NEW P5 normal --- 1 petervol ldv alimektor ldv placeholder qa-sisyphus oldest_to_newest 239338 0 petervol 2023-12-20 18:11:23 +0300 В K9: [verzunky@kalt112 ~]# hostnamectl Static hostname: kalt112.dpt.local Icon name: computer-desktop Chassis: desktop Machine ID: 364462b6b342345e30cb7184601a319d Boot ID: 44570c975c584b46a291b7acb23a1189 Operating System: ALT Workstation K 9.2 (Centaurea Pineticola) CPE OS Name: cpe:/o:alt:kworkstation:9.2 Kernel: Linux 5.10.200-un-def-alt1 Architecture: x86-64 [verzunky@kalt112 ~]# tail -n1 /etc/security/group.conf *;*;%altusers;Al0000-2400;vboxusers [verzunky@kalt112 ~]# head -n12 /etc/pam.d/system-auth #%PAM-1.0 auth [success=6 perm_denied=ignore default=die] pam_localuser.so auth [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet auth [default=1] pam_permit.so auth required pam_group.so auth optional pam_mount.so auth substack system-auth-sss-only auth [default=1] pam_permit.so auth substack system-auth-local-only auth substack system-auth-common [verzunky@kalt112 ~]# getent group vboxusers vboxusers:x:469:kuser [verzunky@kalt112 ~]# groups пользователи домена vboxusers altusers altaudio 09 охраны В K10: [verzunky@kalt2test ~]# hostnamectl Static hostname: kalt2test.dpt.local Icon name: computer-desktop Chassis: desktop Machine ID: 3cfa0e54506ed93a1d173920651c1a90 Boot ID: 4015e4d776a5490fbb05d8819996ada6 Operating System: ALT Workstation K 10.2 (Sorbaronia Mitschurinii) CPE OS Name: cpe:/o:alt:kworkstation:10 Kernel: Linux 6.1.67-un-def-alt1 Architecture: x86-64 Hardware Vendor: Gigabyte Technology Co., Ltd. Hardware Model: B360M-D3H [verzunky@kalt2test ~]# tail -n2 /etc/security/group.conf *;*;%altusers;Al0000-2400;vboxusers [verzunky@kalt2test ~]# head -n12 /etc/pam.d/system-auth #%PAM-1.0 auth [success=6 perm_denied=ignore default=die] pam_localuser.so auth [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet auth [default=1] pam_permit.so auth required pam_group.so auth optional pam_mount.so auth substack system-auth-sss-only auth [default=1] pam_permit.so auth substack system-auth-local-only auth substack system-auth-common [verzunky@kalt2test ~]# getent group vboxusers vboxusers:x:463: [verzunky@kalt112 ~]# groups пользователи домена altusers altaudio 09 охраны 239739 1 alimektor 2023-12-28 21:52:25 +0300 Версия: pam-config-1.9.0-alt4 Образ: ALT Workstation K 10.2.1 (обновленный до Sisyphus) # echo '*;*;*;Al0000-2400;wheel,audio,cdrom,cdwriter,vboxusers,scanner' >> /etc/security/group.conf # head /etc/pam.d/system-auth -n 7 #%PAM-1.0 auth [success=4 perm_denied=ignore default=die] pam_localuser.so auth [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet auth [default=1] pam_permit.so auth required pam_group.so auth substack system-auth-sss-only Войти в сессию обычным доменным пользователем, выполнить: $ id | grep wheel Ожидаемый результат: присутствует группа wheel для доменного пользователя. Фактический результат: отсутствует группа wheel для доменного пользователя. Дополнительно 1: не воспроизводится в ALT Workstation 10.1 (обновленный до Sisyphus). Дополнительно 2: не воспроизводится в ALT Workstation K 9.2. 239757 2 petervol 2023-12-29 11:15:04 +0300 В K9 работает: [root@kalt112 ~]# hostnamectl | grep ALT Operating System: ALT Workstation K 9.2 (Centaurea Pineticola) [root@kalt112 ~]# tail -n1 /etc/security/group.conf *;*;*;Al0000-2400;wheel,audio,cdrom,cdwriter,vboxusers,scanner [root@kalt112 ~]# head -n12 /etc/pam.d/system-auth #%PAM-1.0 auth [success=6 perm_denied=ignore default=die] pam_localuser.so auth [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet auth [default=1] pam_permit.so auth required pam_group.so auth optional pam_mount.so auth substack system-auth-sss-only auth [default=1] pam_permit.so auth substack system-auth-local-only auth substack system-auth-common [root@kalt112 ~]# control libnss-role disabled [root@kalt112 ~]# who kuser pts/0 2023-12-29 10:41 (192.168.0.206) [root@kalt112 ~]# id verzunky uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601695(09 охраны),104601304(altusers),104601306(altaudio) [root@kalt112 ~]# who kuser pts/0 2023-12-29 10:41 (192.168.0.206) verzunky tty1 2023-12-29 10:46 (:0) verzunky pts/1 2023-12-29 10:46 (:0) [root@kalt112 ~]# id verzunky uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601695(09 охраны),104601304(altusers),104601306(altaudio) verzunky@kalt112 ~]$ whoami verzunky [verzunky@kalt112 ~]$ id uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),10(wheel),22(cdrom),80(cdwriter),81(audio),469(vboxusers),499(scanner),104601304(altusers),104601306(altaudio),104601695(09 охраны) В K10 не работает: [root@kalt2test ~]# hostnamectl | grep ALT Operating System: ALT Workstation K 10.2 (Sorbaronia Mitschurinii) [root@kalt2test ~]# tail -n1 /etc/security/group.conf *;*;*;Al0000-2400;wheel,audio,cdrom,cdwriter,vboxusers,scanner [root@kalt2test ~]# head -n12 /etc/pam.d/system-auth #%PAM-1.0 auth [success=6 perm_denied=ignore default=die] pam_localuser.so auth [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet auth [default=1] pam_permit.so auth required pam_group.so auth optional pam_mount.so auth substack system-auth-sss-only auth [default=1] pam_permit.so auth substack system-auth-local-only auth substack system-auth-common [root@kalt2test ~]# control libnss-role disabled [root@kalt2test ~]# who kuser pts/0 2023-12-29 11:04 (192.168.0.206) kuser pts/1 2023-12-29 11:04 (192.168.0.206) [root@kalt2test ~]# id verzunky uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601695(09 охраны),104601306(altaudio),104601304(altusers) [root@kalt2test ~]# who kuser pts/0 2023-12-29 11:04 (192.168.0.206) kuser pts/1 2023-12-29 11:04 (192.168.0.206) verzunky tty1 2023-12-29 11:06 (:0) [root@kalt2test ~]# id verzunky uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601695(09 охраны),104601306(altaudio),104601304(altusers) verzunky@kalt2test ~]$ whoami verzunky [verzunky@kalt2test ~]$ id uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601304(altusers),104601306(altaudio),104601695(09 охраны)