[Bug 1847902] [NEW] pam_nologin should optionally exclude users of the "wheel" group from its access restrictions
Maris Nartiss
maris.nartiss at gmail.com
Sun Oct 13 11:59:49 UTC 2019
Public bug reported:
During a remote system upgrade (18.04 to 19.04) something went south and after reboot the machine is stuck at some place in its boot sequence. SSH works, but trying to log-in with a sudo-capable user results in: "System is booting up. Unprivileged users are not permitted to log in yet. Please come back later. For technical details, see pam_nologin(8)."
As Ubuntu has moved away from full root users with passwords + allowing root logins over SSH, I'm totally locked out from my remote system.
There is a bug reported for pam_nologin requesting to provide separate
exclusion mechanism but in the meantime it is possible to implement a
workaround to exclude administrative users from nologin restriction.
Here's the bug:
https://github.com/linux-pam/linux-pam/issues/42
And here is the workaround that should be implemented in Ubuntu:
https://github.com/linux-pam/linux-pam/issues/42#issuecomment-367450193
** Affects: pam (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1847902
Title:
pam_nologin should optionally exclude users of the "wheel" group from
its access restrictions
Status in pam package in Ubuntu:
New
Bug description:
During a remote system upgrade (18.04 to 19.04) something went south and after reboot the machine is stuck at some place in its boot sequence. SSH works, but trying to log-in with a sudo-capable user results in: "System is booting up. Unprivileged users are not permitted to log in yet. Please come back later. For technical details, see pam_nologin(8)."
As Ubuntu has moved away from full root users with passwords + allowing root logins over SSH, I'm totally locked out from my remote system.
There is a bug reported for pam_nologin requesting to provide separate
exclusion mechanism but in the meantime it is possible to implement a
workaround to exclude administrative users from nologin restriction.
Here's the bug:
https://github.com/linux-pam/linux-pam/issues/42
And here is the workaround that should be implemented in Ubuntu:
https://github.com/linux-pam/linux-pam/issues/42#issuecomment-367450193
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1847902/+subscriptions
More information about the foundations-bugs
mailing list