missing pam_loginuid.so breaks getlogin()

More to go:

Currently, /etc/pam.d/common-account (to be more correct, /etc/pam.d/common-session) doesn't differ sessions like ordinary (login,sshd,crond etc) and special (su and sudo). So my proposal incorrect - better add pam_loginuid to ordinary sessions and leave special sessions untouched.

> So my proposal incorrect - better add pam_loginuid to ordinary
> sessions and leave special sessions untouched.

Yep. This makes it non-trivial to do centrally; needs to be addressed in the individual services unfortunately.

Maybe split system-auth and login procedures? That makes possible to make login-common (with additions like pam_loginuid) for login-like session using system-auth and other sessions using only system-auth.

So should this actually be tasked to the libpam-runtime package (which owns /etc/pam.d/common-auth) rather than cron, openssh and shadow?

Status changed to 'Confirmed' because the bug affects multiple users.

probably the same as this bug: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1032740

This bug was fixed in the package openssh - 1:6.2p2-3

---------------
openssh (1:6.2p2-3) unstable; urgency=low

  * If the running init daemon is Upstart, then, on the first upgrade to
    this version, check whether sysvinit is still managing sshd; if so,
    manually stop it so that it can be restarted under upstart. We do this
    near the end of the postinst, so it shouldn't result in any appreciable
    extra window where sshd is not running during upgrade.

 -- Colin Watson <email address hidden> Wed, 22 May 2013 17:42:10 +0100

I see the fix in at's git tree at

http://anonscm.debian.org/gitweb/?p=collab-maint/at.git;a=commitdiff;h=23def4839244a4937e60c4bfa27c97147f41cf3a

Marking fix committed. The fix will come in through a merge after this is released in debian.

3.0pl1-124.1ubuntu1 contains a fix for this.

This bug was fixed in the package shadow - 1:4.2-3.1ubuntu1

---------------
shadow (1:4.2-3.1ubuntu1) xenial; urgency=low

  * Merge from Debian unstable.
    - Includes pam_loginuid in login PAM config. LP: #1067779.
    - Fixes typo in usermod -h output. LP: #1348873.
  * Remaining changes:
    - debian/passwd.upstart: Add an upstart job to clear locks on
      [shadow-]passwd/group.
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{source_shadow.py,rules}: Add apport hook
    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
      /etc/update-motd.d/* scripts twice.
    - debian/patches/1010_extrausers.patch: Add support to passwd for
      libnss-extrausers
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/userns/subuids-nonlocal-users: Don't limit
      subuid/subgid support to local users.
  * Dropped changes, included in Debian:
    - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
    - Add uidmap package based on upstream patches that introduce
      newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
      updates on those to widen the default allocation to 65536 uids and gids
      and only assign ranges to non-system users.
    - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
      error cases.
  * Dropped changes, included upstream:
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout.
    - debian/patches/496_su_kill_process_group: Kill the child process group,
      rather than just the immediate child.
  * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
    than the first, ensuring /run/motd.dynamic is always populated and shown
    on the first login after boot. LP: #1368864.
  * Don't call 'pam_exec uname', a change adopted in Debian without
    coordination with the Debian PAM maintainer
  * Use dh_installinit now for installing the upstart job, as we no longer
    generate a dependency on upstart-job.
  * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
    LP: #1304505
  * Add a systemd unit to go with the upstart job, so that lock clearing works
    on newer Ubuntu releases.

shadow (1:4.2-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix error handling in busy user detection. (Closes: #778287)

shadow (1:4.2-3) unstable; urgency=low

  * Enforce hardened builds to workaround cdbs sometimes not building
    with hardening flags as in 1:4.2-2+b1
    Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich
    For providing a working patch.

shadow (1:4.2-2) unstable; urgency=low

  * The "Soumaintrain" release
  * The "Rigotte de Condrieu" release was 4.2-1
  * Upload to unstable
  * Last upload integrates the use of dh_autoreconf which has the same
    effect then Eric Dorland's patch in 1:4.1.5.1-1.1 ...

cron (3.0pl1-124.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add pam_loginuid module to the PAM session stack (Closes: #677443)
  * Add systemd service file. Thanks to Michael Stapelberg (Closes: #652440)

 -- Laurent Bigonville <email address hidden> Sun, 25 May 2014 21:21:19 +0200

at (3.1.15-1) unstable; urgency=medium

  * New upstream release:
    + pam.conf: require pam_loginuid.so (Closes: #677442)
  * Bumped Standards-Version to 3.9.5 (no changes).

 -- Ansgar Burchardt <email address hidden> Sun, 10 Aug 2014 14:03:16 +0200