https://bugs.kde.org/show_bug.cgi?id=458540
--- Comment #9 from Oleg Solovyov <mcp...@altlinux.org> --- (In reply to David Edmundson from comment #8) > >I don't think it's a good idea to give sgid to the whole greeter > > Me neither. I don't want anyone doing that. > > Lets disable that bit again get some debug from the tcb pam backend and go > from there. $ /usr/lib/chkpwd/tcb_chkpwd bash: /usr/lib/chkpwd/tcb_chkpwd: Отказано в доступе we simply get EACCES when invoking helper without proper permissions # chmod o+x /usr/lib/chkpwd/ # chmod g-s /usr/libexec/kf5/kscreenlocker_greet $ /usr/lib/chkpwd/tcb_chkpwd $ /usr/lib/chkpwd/ does not have o+x bit: # l -d /usr/lib/chkpwd/ drwx--x--- 1 root chkpwd 20 фев 17 2022 /usr/lib/chkpwd/ It prevents /usr/lib/chkpwd/* to execute even if they have o+x bits. And it seems to be intentional tcb/progs/Makefile: install: install-common install -d -o root -g chkpwd -m 710 $(DESTDIR)$(LIBEXECDIR)/chkpwd install -m 2711 -o root -g shadow $(CHKPWD) \ $(DESTDIR)$(LIBEXECDIR)/chkpwd/ -- You are receiving this mail because: You are watching all bug changes.