[Nix-dev] passwd trouble

Marc Weber marco-oweber at gmx.de
Wed Mar 18 12:56:29 CET 2009 

I have some trouble using passwd again..
I'd like to know what is causing it..

[root at nixos:~]# passwd marc
Changing password for marc.
passwd: Permission denied

When changing /etc/pam.d/passwd to use pam_permit.so only
I can no longer enter a password and passwd just prints "password
changed". so the passwd .. pam_unix2.so line in /etc/pam.d/passwd
seems to be important.

strace:
http://rafb.net/p/7jq2vb43.html

setrlimit(RLIMIT_NOFILE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = -1 EPERM (Operation not permitted)

The C code is:

  static void
  init_limits (void)
  {
    struct rlimit rlim;

    /* Don't create a core file.  */
    rlim.rlim_cur = rlim.rlim_max = 0;
    setrlimit (RLIMIT_CORE, &rlim);

    /* Set all limits to unlimited to avoid to run in any
       problems later.  */
    rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
    setrlimit (RLIMIT_AS, &rlim);
    setrlimit (RLIMIT_CPU, &rlim);
    setrlimit (RLIMIT_DATA, &rlim);
    setrlimit (RLIMIT_FSIZE, &rlim);
    setrlimit (RLIMIT_NOFILE, &rlim);
    setrlimit (RLIMIT_RSS, &rlim);
    setrlimit (RLIMIT_STACK, &rlim);
  }


and doesn't check the return value. So this is not causing the failure.
syslog looks like this:

  Mar 18 11:49:44 nixos passwd[6080]: pam_unix2(passwd:chauthtok): pam_sm_chauthtok() called
  Mar 18 11:49:44 nixos passwd[6080]: pam_unix2(passwd:chauthtok): username=[root]
  Mar 18 11:49:44 nixos passwd[6080]: User root: Permission denied 


I've tried compiling pwdutils with -g to be able to debug it using gdb
to see where this message is thrown exactly. However gdb keeps saying:
"no debugging symbols found".
I'm using a hook to define env vars the same way its done running
nix-build.. Is there anything which causes gcc (or libtool)? To remove
those symbols again?

objdum -h src/passwd-passwd.o shows lines such as
.debug_line, .debug_info, .debug_loc ...
So the .o file does have debugging symbols.
file src/passwd says "not stripped"

linking the executable using gcc -o ... -l... -l... passwd-passwd.o
works fine. Result is the same?

Do you have any ideas what else to try?

Maybe I should setup ldap.

Marc Weber

More information about the nix-dev mailing list