Bug 48872

Summary: Не выполняется pam-group в K10, в K9 работает
Product: Sisyphus Reporter: Петр <petervol>
Component: pam-configAssignee: Dmitry V. Levin <ldv>
Status: NEW --- QA Contact: qa-sisyphus
Severity: normal    
Priority: P5 CC: alimektor, ldv, placeholder
Version: unstable   
Hardware: x86_64   
OS: Linux   

Description Петр 2023-12-20 18:11:23 MSK
В K9:

[verzunky@kalt112 ~]# hostnamectl
   Static hostname: kalt112.dpt.local
         Icon name: computer-desktop
           Chassis: desktop
        Machine ID: 364462b6b342345e30cb7184601a319d
           Boot ID: 44570c975c584b46a291b7acb23a1189
  Operating System: ALT Workstation K 9.2  (Centaurea Pineticola)
       CPE OS Name: cpe:/o:alt:kworkstation:9.2
            Kernel: Linux 5.10.200-un-def-alt1
      Architecture: x86-64
[verzunky@kalt112 ~]# tail -n1 /etc/security/group.conf
*;*;%altusers;Al0000-2400;vboxusers
[verzunky@kalt112 ~]# head -n12 /etc/pam.d/system-auth
#%PAM-1.0

auth            [success=6 perm_denied=ignore default=die]      pam_localuser.so
auth            [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet
auth            [default=1]     pam_permit.so
auth            required        pam_group.so
auth            optional        pam_mount.so
auth            substack        system-auth-sss-only
auth            [default=1]     pam_permit.so
auth            substack        system-auth-local-only
auth            substack        system-auth-common

[verzunky@kalt112 ~]# getent group vboxusers
vboxusers:x:469:kuser
[verzunky@kalt112 ~]# groups
пользователи домена vboxusers altusers altaudio 09 охраны


В K10:

[verzunky@kalt2test ~]# hostnamectl
 Static hostname: kalt2test.dpt.local
       Icon name: computer-desktop
         Chassis: desktop
      Machine ID: 3cfa0e54506ed93a1d173920651c1a90
         Boot ID: 4015e4d776a5490fbb05d8819996ada6
Operating System: ALT Workstation K 10.2 (Sorbaronia Mitschurinii)
     CPE OS Name: cpe:/o:alt:kworkstation:10
          Kernel: Linux 6.1.67-un-def-alt1
    Architecture: x86-64
 Hardware Vendor: Gigabyte Technology Co., Ltd.
  Hardware Model: B360M-D3H
[verzunky@kalt2test ~]# tail -n2 /etc/security/group.conf
*;*;%altusers;Al0000-2400;vboxusers

[verzunky@kalt2test ~]# head -n12 /etc/pam.d/system-auth
#%PAM-1.0

auth            [success=6 perm_denied=ignore default=die]      pam_localuser.so
auth            [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet
auth            [default=1]     pam_permit.so
auth            required        pam_group.so
auth            optional        pam_mount.so
auth            substack        system-auth-sss-only
auth            [default=1]     pam_permit.so
auth            substack        system-auth-local-only
auth            substack        system-auth-common

[verzunky@kalt2test ~]# getent group vboxusers
vboxusers:x:463:
[verzunky@kalt112 ~]# groups
пользователи домена altusers altaudio 09 охраны
Comment 1 Evgeny Shesteperov 2023-12-28 21:52:25 MSK
Версия: pam-config-1.9.0-alt4 Образ: ALT Workstation K 10.2.1
(обновленный до Sisyphus)

    # echo '*;*;*;Al0000-2400;wheel,audio,cdrom,cdwriter,vboxusers,scanner' >> /etc/security/group.conf
    # head /etc/pam.d/system-auth -n 7
    #%PAM-1.0

    auth        [success=4 perm_denied=ignore default=die]  pam_localuser.so
    auth        [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet
    auth        [default=1] pam_permit.so
    auth    required        pam_group.so
    auth        substack    system-auth-sss-only

Войти в сессию обычным доменным пользователем, выполнить:

    $ id | grep wheel

Ожидаемый результат: присутствует группа wheel для доменного
пользователя.

Фактический результат: отсутствует группа wheel для доменного
пользователя.

Дополнительно 1: не воспроизводится в ALT Workstation 10.1 (обновленный
до Sisyphus).

Дополнительно 2: не воспроизводится в ALT Workstation K 9.2.
Comment 2 Петр 2023-12-29 11:15:04 MSK
В K9 работает:

[root@kalt112 ~]# hostnamectl | grep ALT
  Operating System: ALT Workstation K 9.2  (Centaurea Pineticola)
[root@kalt112 ~]# tail -n1 /etc/security/group.conf
*;*;*;Al0000-2400;wheel,audio,cdrom,cdwriter,vboxusers,scanner
[root@kalt112 ~]# head -n12 /etc/pam.d/system-auth
#%PAM-1.0

auth            [success=6 perm_denied=ignore default=die]      pam_localuser.so
auth            [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet
auth            [default=1]     pam_permit.so
auth            required        pam_group.so
auth            optional        pam_mount.so
auth            substack        system-auth-sss-only
auth            [default=1]     pam_permit.so
auth            substack        system-auth-local-only
auth            substack        system-auth-common

[root@kalt112 ~]# control libnss-role
disabled
[root@kalt112 ~]# who
kuser    pts/0        2023-12-29 10:41 (192.168.0.206)
[root@kalt112 ~]# id verzunky
uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601695(09 охраны),104601304(altusers),104601306(altaudio)
[root@kalt112 ~]# who
kuser    pts/0        2023-12-29 10:41 (192.168.0.206)
verzunky tty1         2023-12-29 10:46 (:0)
verzunky pts/1        2023-12-29 10:46 (:0)
[root@kalt112 ~]# id verzunky
uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601695(09 охраны),104601304(altusers),104601306(altaudio)

 
verzunky@kalt112 ~]$ whoami
verzunky
[verzunky@kalt112 ~]$ id
uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),10(wheel),22(cdrom),80(cdwriter),81(audio),469(vboxusers),499(scanner),104601304(altusers),104601306(altaudio),104601695(09 охраны)



В K10 не работает:
 
[root@kalt2test ~]# hostnamectl | grep ALT
Operating System: ALT Workstation K 10.2 (Sorbaronia Mitschurinii)
[root@kalt2test ~]# tail -n1 /etc/security/group.conf
*;*;*;Al0000-2400;wheel,audio,cdrom,cdwriter,vboxusers,scanner
[root@kalt2test ~]# head -n12 /etc/pam.d/system-auth
#%PAM-1.0

auth            [success=6 perm_denied=ignore default=die]      pam_localuser.so
auth            [success=1 default=bad] pam_succeed_if.so uid >= 500 quiet
auth            [default=1]     pam_permit.so
auth            required        pam_group.so
auth            optional        pam_mount.so
auth            substack        system-auth-sss-only
auth            [default=1]     pam_permit.so
auth            substack        system-auth-local-only
auth            substack        system-auth-common

[root@kalt2test ~]# control libnss-role
disabled
[root@kalt2test ~]# who
kuser    pts/0        2023-12-29 11:04 (192.168.0.206)
kuser    pts/1        2023-12-29 11:04 (192.168.0.206)
[root@kalt2test ~]# id verzunky
uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601695(09 охраны),104601306(altaudio),104601304(altusers)
[root@kalt2test ~]# who
kuser    pts/0        2023-12-29 11:04 (192.168.0.206)
kuser    pts/1        2023-12-29 11:04 (192.168.0.206)
verzunky tty1         2023-12-29 11:06 (:0)
[root@kalt2test ~]# id verzunky
uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601695(09 охраны),104601306(altaudio),104601304(altusers)


verzunky@kalt2test ~]$ whoami
verzunky
[verzunky@kalt2test ~]$ id
uid=104601265(verzunky) gid=104600513(пользователи домена) группы=104600513(пользователи домена),104601304(altusers),104601306(altaudio),104601695(09 охраны)