https://bugs.kde.org/show_bug.cgi?id=458540
--- Comment #9 from Oleg Solovyov <mcp...@altlinux.org> ---
(In reply to David Edmundson from comment #8)
> >I don't think it's a good idea to give sgid to the whole greeter
>
> Me neither. I don't want anyone doing that.
>
> Lets disable that bit again get some debug from the tcb pam backend and go
> from there.
$ /usr/lib/chkpwd/tcb_chkpwd
bash: /usr/lib/chkpwd/tcb_chkpwd: Отказано в доступе
we simply get EACCES when invoking helper without proper permissions
# chmod o+x /usr/lib/chkpwd/
# chmod g-s /usr/libexec/kf5/kscreenlocker_greet
$ /usr/lib/chkpwd/tcb_chkpwd
$
/usr/lib/chkpwd/ does not have o+x bit:
# l -d /usr/lib/chkpwd/
drwx--x--- 1 root chkpwd 20 фев 17 2022 /usr/lib/chkpwd/
It prevents /usr/lib/chkpwd/* to execute even if they have o+x bits.
And it seems to be intentional
tcb/progs/Makefile:
install: install-common
install -d -o root -g chkpwd -m 710 $(DESTDIR)$(LIBEXECDIR)/chkpwd
install -m 2711 -o root -g shadow $(CHKPWD) \
$(DESTDIR)$(LIBEXECDIR)/chkpwd/
--
You are receiving this mail because:
You are watching all bug changes.
