[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
upstream systemd issue is https://github.com/systemd/systemd/issues/11198 As launchpad was failing to sync the status of the upstream issue, I just marked it manually as fix released. ** Changed in: systemd Importance: Unknown => Undecided ** Changed in: systemd Remote watch: github.com/systemd/systemd/issues #11198 => None ** Changed in: systemd Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: Fix Released Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Released Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Released Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
This bug was fixed in the package systemd - 237-3ubuntu10.39 --- systemd (237-3ubuntu10.39) bionic; urgency=medium [ Dariusz Gadomski ] * d/p/lp1762391/0001-Call-getgroups-to-know-size-of-supplementary-groups-.patch, d/p/lp1762391/0002-user-util-tweak-to-in_gid.patch, d/p/lp1762391/0003-user-util-Add-helper-functions-for-gid-lists-operati.patch, d/p/lp1762391/0004-execute-Restore-call-to-pam_setcred.patch, d/p/lp1762391/0005-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch, d/p/lp1762391/0006-test-Add-tests-for-gid-list-ops.patch, d/p/lp1762391/0007-execute-add-const-to-array-parameters-where-possible.patch, d/p/lp1762391/0008-execute-allow-pam_setcred-to-fail-ignore-errors.patch: - Restore call to pam_setcred (LP: #1762391) [ Ioanna Alifieraki ] * d/p/lp1860548/0001-Revert-Replace-use-of-snprintf-with-xsprintf.patch, d/p/lp1860548/0002-job-truncate-unit-description.patch: - use snprintf instead of xsprintf (LP: #1860548) [ Dan Streetman ] * d/p/lp1833193-network-update-address-when-static-address-was-alrea.patch: - Update lft when static addr was cfg by dhcp (LP: #1833193) * d/p/lp1849261/0001-core-when-we-can-t-enqueue-OnFailure-job-show-full-e.patch, d/p/lp1849261/0002-core-don-t-trigger-OnFailure-deps-when-a-unit-is-goi.patch: - Only trigger OnFailure= if Restart= is not in effect (LP: #1849261) * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch: - set ipv6 mtu at correct time (LP: #1671951) * d/p/lp1845909/0001-networkd-honour-LinkLocalAddressing.patch, d/p/lp1845909/0002-networkd-fix-link_up-12505.patch, d/p/lp1845909/0003-network-do-not-send-ipv6-token-to-kernel.patch, d/p/lp1845909/0004-network-rename-linux_configure_after_setting_mtu-to-linux.patch, d/p/lp1845909/0005-network-add-link-setting_genmode-flag.patch, d/p/lp1845909/0006-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch, d/p/lp1845909/0007-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch, d/p/lp1845909/0008-network-drop-IPv6LL-address-when-LinkLocalAddressing.patch: - if LinkLocalAddressing=no prevent creation of ipv6ll (LP: #1845909) * d/p/lp1859862-network-Do-not-disable-IPv6-by-writing-to-sysctl.patch: - enable ipv6 when needed (LP: #1859862) * d/p/lp1836695-networkd-Add-back-static-routes-after-DHCPv4-lease-e.patch: - (re)add static routes after getting dhcp4 addr (LP: #1836695) * d/t/storage: - fix buggy test (LP: #1831459) - without scsi_debug, skip test (LP: #1847816) -- Dan Streetman Thu, 06 Feb 2020 10:00:49 -0500 ** Changed in: systemd (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Released Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Released Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
This bug was fixed in the package systemd - 242-7ubuntu3.7 --- systemd (242-7ubuntu3.7) eoan; urgency=medium [ Dariusz Gadomski ] * d/p/lp1762391/0001-Call-getgroups-to-know-size-of-supplementary-groups-.patch, d/p/lp1762391/0002-user-util-tweak-to-in_gid.patch, d/p/lp1762391/0003-user-util-Add-helper-functions-for-gid-lists-operati.patch, d/p/lp1762391/0004-execute-Restore-call-to-pam_setcred.patch, d/p/lp1762391/0005-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch, d/p/lp1762391/0006-test-Add-tests-for-gid-list-ops.patch, d/p/lp1762391/0007-execute-add-const-to-array-parameters-where-possible.patch, d/p/lp1762391/0008-execute-allow-pam_setcred-to-fail-ignore-errors.patch: - Restore call to pam_setcred (LP: #1762391) * d/p/lp1846232/0001-network-honor-MTUBytes-setting.patch, d/p/lp1846232/0002-network-bump-MTU-bytes-only-when-MTUByte-is-not-set.patch: - do not always bump MTU with additional 4bytes (LP: #1846232) * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch: - set ipv6 mtu at correct time (LP: #1671951) * d/p/lp1845909/0001-network-rename-linux_configure_after_setting_mtu-to-linux.patch, d/p/lp1845909/0002-network-add-link-setting_genmode-flag.patch, d/p/lp1845909/0003-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch, d/p/lp1845909/0004-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch, d/p/lp1845909/0005-network-drop-IPv6LL-address-when-LinkLocalAddressing.patch: - drop foreign config and raise interface after setting genmode (LP: #1845909) * d/t/storage: without scsi_debug, skip test (LP: #1847816) -- Dan Streetman Thu, 06 Feb 2020 09:45:57 -0500 ** Changed in: systemd (Ubuntu Eoan) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Committed Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Released Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to:
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
Similarly for bionic using version 237-3ubuntu10.39 verification was also successsful: ubuntu@bionic:~$ groups ubuntu adm dialout cdrom sudo dip plugdev users lpadmin sambashare vboxsf ** Tags removed: verification-needed verification-needed-bionic verification-needed-eoan ** Tags added: verification-done verification-done-bionic verification-done-eoan -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Committed Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Committed Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
I have repeated verification for eoan (242-7ubuntu3.7) with identical results. ubuntu@eoan:~$ groups ubuntu adm dialout cdrom sudo dip plugdev users lpadmin lxd sambashare -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Committed Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Committed Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
Hello mtemp, or anyone else affected, Accepted systemd into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/242-7ubuntu3.7 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: systemd (Ubuntu Eoan) Status: In Progress => Fix Committed ** Tags removed: verification-failed verification-failed-eoan ** Tags added: verification-needed verification-needed-eoan ** Changed in: systemd (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags removed: verification-failed-bionic ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Committed Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Committed Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
This SRU needs to be reuploaded, due to security update that trumped this in progress SRU. ** Changed in: systemd (Ubuntu Bionic) Status: Fix Committed => In Progress ** Changed in: systemd (Ubuntu Eoan) Status: Fix Committed => In Progress ** Tags removed: verification-done verification-done-bionic verification-done-eoan ** Tags added: verification-failed verification-failed-bionic verification-failed-eoan -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
With identical setup and testcase for eoan I have managed to successfully verify the patch with version 242-7ubuntu3.3: ubuntu@eoan:~$ groups ubuntu adm dialout cdrom sudo dip plugdev users lpadmin lxd sambashare ubuntu@eoan:~$ ** Tags removed: verification-needed-eoan ** Tags added: verification-done-eoan ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Committed Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Committed Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
I have just verified bionic. With version 237-3ubuntu10.34 after replaying test case from the description I see the groups from /etc/security/group.conf (dialout, users) added: ubuntu@bionic:~$ groups ubuntu adm dialout cdrom sudo dip plugdev users lpadmin sambashare vboxsf ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Committed Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Committed Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
Hello mtemp, or anyone else affected, Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.34 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: systemd (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: Fix Committed Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Committed Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
Hello mtemp, or anyone else affected, Accepted systemd into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/242-7ubuntu3.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: systemd (Ubuntu Eoan) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-eoan -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: Fix Committed Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** Bug watch removed: github.com/systemd/systemd/issues #14567 https://github.com/systemd/systemd/issues/14567 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
systemd in Xenial differs to much to cleanly apply the upstream fix. It would require reimplementing it and may be more risky than useful. Marking Won't fix. ** Changed in: systemd (Ubuntu Xenial) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Won't Fix Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
This bug was fixed in the package systemd - 244.1-0ubuntu2 --- systemd (244.1-0ubuntu2) focal; urgency=medium [ Dimitri John Ledkov ] * shutdown: do not detach autoclear loopback devices Author: Dimitri John Ledkov File: debian/patches/shutdown-do-not-detach-autoclear-loopback-devices.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3978d34b59e98cdd01836c41a10442967636b8fc [ Balint Reczey ] * Revert upstream commit breaking IPv4 DHCP in LXC containers in 244.1 (LP: #1857123) File: debian/patches/Revert-network-if-sys-is-rw-then-udev-should-be-around.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=39c12f8e736afd1b7bdeb13ff6bccaea85020873 systemd (244.1-0ubuntu1) focal; urgency=medium * New upstream version 244.1 - network: set ipv6 mtu after link-up or device mtu change (LP: #1671951) - & other changes * Refresh patches. - Dropped changes: * d/p/lp-1853852-*: fix issues with muliplexed shmat calls (LP: #1853852) Files: - debian/patches/lp-1853852-seccomp-fix-multiplexed-system-calls.patch - debian/patches/lp-1853852-seccomp-mmap-test-results-depend-on-kernel-libseccom.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=382271662c60c339b0a404c7a1772fe5670516ef * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch: set ipv6 mtu at correct time * pstore: Don't start systemd-pstore.service in containers. Usually it is not useful and can also fail making boot-and-services autopkgtest fail. (LP: #1856729) File: debian/patches/pstore-Don-t-start-systemd-pstore.service-in-containers.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=28b5a03769cbed9d3170ebac38508b867530a2d6 * Revert: network: do not drop foreign config if interface is in initialized state. This fixes FTBFS with the other network-related reverts. File: debian/patches/Revert-network-do-not-drop-foreign-config-if-interface-is.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=22a9fa3bb03ba2a629926af39ea7df81fe33c9b8 systemd (244-3ubuntu5) focal; urgency=medium [ Dariusz Gadomski ] * d/p/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch, d/p/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch, d/p/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch, d/p/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch, d/p/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch, d/p/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch: - Restore call to pam_setcred (LP: #1762391) [ Dan Streetman ] * d/t/storage: without scsi_debug, skip test (LP: #1847816) systemd (244-3ubuntu4) focal; urgency=medium * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch: set ipv6 mtu at correct time (LP: #1671951) * d/p/0001-network-rename-linux_configure_after_setting_mtu-to-linux.patch, d/p/0002-network-add-link-setting_genmode-flag.patch, d/p/0003-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch, d/p/0004-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch: - drop foreign config and raise interface after setting genmode (LP: #1845909) systemd (244-3ubuntu3) focal; urgency=medium * shutdown: cherry-pick PR#14409 to fix detach of loopback devices for Ubuntu Core 20 File: debian/patches/shutdown-modernizations-pr-14409.patch https://github.com/systemd/systemd/pull/14409.diff systemd (244-3ubuntu2) focal; urgency=medium * d/p/debian/UBUNTU-Support-system-image-read-only-etc.patch: - re-add missing bits for timedated.c (LP: #1778936) -- Balint Reczey Wed, 22 Jan 2020 16:27:49 +0100 ** Changed in: systemd (Ubuntu Focal) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: Fix Released Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** Tags added: ddstreet-next -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: In Progress Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** Tags added: sts sts-sponsor-ddstreet -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: In Progress Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
SRU proposal for bionic (patches split) ** Patch removed: "bionic_systemd_237-3ubuntu10.34.debdiff" https://bugs.launchpad.net/systemd/+bug/1762391/+attachment/5321138/+files/bionic_systemd_237-3ubuntu10.34.debdiff ** Patch added: "bionic_systemd_237-3ubuntu10.34.debdiff" https://bugs.launchpad.net/systemd/+bug/1762391/+attachment/5321724/+files/bionic_systemd_237-3ubuntu10.34.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: In Progress Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
SRU proposal for eoan (patches split) ** Patch removed: "eoan_systemd_242-7ubuntu3.3.debdiff" https://bugs.launchpad.net/systemd/+bug/1762391/+attachment/5321139/+files/eoan_systemd_242-7ubuntu3.3.debdiff ** Patch added: "eoan_systemd_242-7ubuntu3.3.debdiff" https://bugs.launchpad.net/systemd/+bug/1762391/+attachment/5321722/+files/eoan_systemd_242-7ubuntu3.3.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: In Progress Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
SRU proposal for eoan. ** Patch added: "eoan_systemd_242-7ubuntu3.3.debdiff" https://bugs.launchpad.net/systemd/+bug/1762391/+attachment/5321139/+files/eoan_systemd_242-7ubuntu3.3.debdiff ** Description changed: [Impact] - pam_setcred call was missing in systemd making it's implementation of the PAM protocol problematic. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that + pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] - * Add a /etc/security/group.conf entry, e.g. -*;*;*;Al-2400;dialout,users - * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth - * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). + * Add a /etc/security/group.conf entry, e.g. + *;*;*;Al-2400;dialout,users + * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth + * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] - * It introduces a new PAM warning message in some scenarios (e.g. for + * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). - * In certain systems user group membership may be extended by + * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome- terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: In Progress Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
SRU proposal for bionic. ** Patch added: "bionic_systemd_237-3ubuntu10.34.debdiff" https://bugs.launchpad.net/systemd/+bug/1762391/+attachment/5321138/+files/bionic_systemd_237-3ubuntu10.34.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: In Progress Bug description: [Impact] pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** Description changed: + [Impact] + + pam_setcred call was missing in systemd making it's implementation of the PAM protocol problematic. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that + processes were never getting group membership they were expected to get via pam_group module. + + [Test Case] + + * Add a /etc/security/group.conf entry, e.g. +*;*;*;Al-2400;dialout,users + * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth + * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). + + Expected result: + Logged in user is a member of 'dialout' and 'users' groups. + + Actual result: + no group membership gained from pam_group. + + [Regression Potential] + + * It introduces a new PAM warning message in some scenarios (e.g. for + systemd DynamicUser=1 units) for users that can't authenticate + (pam_setcred fails in such case). + + * In certain systems user group membership may be extended by + pam_group. + + [Other Info] + Original bug description: + We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome- terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: In Progress Bug description: [Impact] pam_setcred call was missing in systemd making it's implementation of the PAM protocol problematic. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that processes were never getting group membership they were expected to get via pam_group module. [Test Case] * Add a /etc/security/group.conf entry, e.g. *;*;*;Al-2400;dialout,users * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus). Expected result: Logged in user is a member of 'dialout' and 'users' groups. Actual result: no group membership gained from pam_group. [Regression Potential] * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case). * In certain systems user group membership may be extended by pam_group. [Other Info] Original bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** Also affects: systemd (Ubuntu Focal) Importance: Undecided Assignee: Dariusz Gadomski (dgadomski) Status: In Progress ** Changed in: systemd (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: systemd (Ubuntu Eoan) Importance: Undecided => Medium ** Changed in: systemd (Ubuntu Bionic) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Status in systemd source package in Focal: In Progress Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
SRU proposal for focal. Upstream regression has been resolved and the fix is integrated in the patch. ** No longer affects: gnome-terminal (Ubuntu Eoan) ** Patch removed: "focal_systemd_244-3ubuntu4.debdiff" https://bugs.launchpad.net/systemd/+bug/1762391/+attachment/5320077/+files/focal_systemd_244-3ubuntu4.debdiff ** Patch added: "focal_systemd_244-3ubuntu4.debdiff" https://bugs.launchpad.net/systemd/+bug/1762391/+attachment/5320810/+files/focal_systemd_244-3ubuntu4.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in systemd source package in Eoan: In Progress Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** No longer affects: gnome-terminal (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in gnome-terminal source package in Eoan: New Status in systemd source package in Eoan: In Progress Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
Please hold on with uploading until https://github.com/systemd/systemd/issues/14567 is resolved. ** Bug watch added: github.com/systemd/systemd/issues #14567 https://github.com/systemd/systemd/issues/14567 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in gnome-terminal source package in Eoan: New Status in systemd source package in Eoan: In Progress Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
SRU proposal for Focal (upstream backport). ** Patch added: "focal_systemd_244-3ubuntu4.debdiff" https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/1762391/+attachment/5320077/+files/focal_systemd_244-3ubuntu4.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in gnome-terminal source package in Eoan: New Status in systemd source package in Eoan: In Progress Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
This issue has been fixed upstream, I believe it makes sense to also have it in Ubuntu. ** Changed in: systemd (Ubuntu Bionic) Status: Won't Fix => In Progress ** Changed in: systemd (Ubuntu) Status: Won't Fix => In Progress ** Changed in: systemd (Ubuntu) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: systemd (Ubuntu Bionic) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Also affects: gnome-terminal (Ubuntu Eoan) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Eoan) Importance: Undecided Status: New ** Changed in: systemd (Ubuntu Eoan) Status: New => In Progress ** Changed in: systemd (Ubuntu Eoan) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: In Progress Status in systemd source package in Xenial: New Status in systemd source package in Bionic: In Progress Status in systemd source package in Cosmic: Won't Fix Status in gnome-terminal source package in Eoan: New Status in systemd source package in Eoan: In Progress Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** Also affects: gnome-terminal (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Xenial) Importance: Undecided Status: New ** No longer affects: gnome-terminal (Ubuntu Xenial) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: Won't Fix Status in systemd source package in Xenial: New Status in systemd source package in Bionic: Won't Fix Status in systemd source package in Cosmic: Won't Fix Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
pam_group is a historical curiosity. While we should continue to ship it in pam for compatibility with existing configurations, there is no good reason to use it in a new deployment, and we should not consider incompatibility with pam_group to itself be a reason to change the behavior of a pam application. Static group memberships should be expressed through NSS, not through pam_group, so that the system has a consistent view of the memberships. This includes group memberships at large LDAP installations. You may want to be using sssd for this. pam_group's support for dynamic group assignments (time-of-day, etc) is inherently flawed, because there is no support for runtime revocation of group membership of Unix processes, and there is no associated service to reap processes with out-of-policy group memberships. pam_group's dynamic group assignments should be considered entirely superseded by logind. I believe the behavior of calling pam_setcred() from a pam application that has not first called pam_authenticate() is undefined, so I don't think this is a good general solution for applications aside from pam_group. So I'm closing this bug as wontfix unless a clearer rationale for this change presents itself. ** Changed in: systemd (Ubuntu Bionic) Status: New => Won't Fix ** Changed in: systemd (Ubuntu) Status: New => Invalid ** Changed in: systemd (Ubuntu) Status: Invalid => Won't Fix ** Changed in: systemd (Ubuntu Cosmic) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: Won't Fix Status in systemd source package in Bionic: Won't Fix Status in systemd source package in Cosmic: Won't Fix Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** No longer affects: gnome-terminal (Ubuntu Bionic) ** No longer affects: gnome-terminal (Ubuntu Cosmic) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: New Status in systemd source package in Bionic: New Status in systemd source package in Cosmic: New Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** Also affects: gnome-terminal (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: gnome-terminal (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: New Status in gnome-terminal source package in Bionic: New Status in systemd source package in Bionic: New Status in gnome-terminal source package in Cosmic: New Status in systemd source package in Cosmic: New Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
** Changed in: systemd Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: New Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: New Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal
According to my tests GDM works as expected - checking groups the user belongs to on different terminal emulators (e.g. xterm) proves that the /etc/security/group.conf groups are correctly applied. The problem in this case affects gnome-terminal alone (and the problem is present also if using e.g. LightDM instead of GDM). This is related to the way gnome-terminal-server is started via DBus and executed under systemd --user. It is started under the systemd-user PAM service, so pam_group entry should be added to /etc/pam.d/systemd-user. The problem is systemd will never apply pam_group settings because it does not call pam_setcred. The issue is reported to systemd along with a PR fixing it: https://github.com/systemd/systemd/issues/11198 ** Bug watch added: github.com/systemd/systemd/issues #11198 https://github.com/systemd/systemd/issues/11198 ** Also affects: gnome-terminal via https://github.com/systemd/systemd/issues/11198 Importance: Unknown Status: Unknown ** Project changed: gnome-terminal => systemd ** Changed in: gnome-terminal (Ubuntu) Status: Confirmed => Invalid ** Also affects: systemd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1762391 Title: pam_group.so is not evaluated by gnome-terminal Status in systemd: Unknown Status in gnome-terminal package in Ubuntu: Invalid Status in systemd package in Ubuntu: New Bug description: We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years. With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different. According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature. Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnome-terminal 3.28.0-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu4 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Apr 9 13:17:52 2018 InstallationDate: Installed on 2018-03-29 (11 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp