Ubuntu
shadow package

old motd is displayed on login

Bug #1368864 reported by Simon Déziel
64
This bug affects 11 people
Affects Status Importance Assigned to Milestone
shadow (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

On Trusty, during login, the motd displayed is from the cache file /run/motd.dynamic. After being displayed, the scripts from /etc/update-motd.d are run to refresh /run/motd.dynamic. This behavior of displaying the cache first is not very convenient and didn't happen on Precise. This is also does not match the documentation (man 5 update-motd) nor the users' expectations.

Steps to reproduce:

$ cat << "EOF" | sudo tee /etc/update-motd.d/60-test
#!/bin/sh
printf "motd from: $(date +%T)\n"
EOF
$ sudo chmod +x /etc/update-motd.d/60-test

$ echo 'echo "real time: $(date +%T)";exit' | ssh -T localhost
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-35-generic x86_64)

 * Documentation: https://help.ubuntu.com/
motd from: 6:05:43
real time: 12:36:14

The above is just an example of how old/stale the output can be.

More details:

$ lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04
$ apt-cache policy libpam-modules
libpam-modules:
  Installed: 1.1.8-1ubuntu2
  Candidate: 1.1.8-1ubuntu2
  Version table:
 *** 1.1.8-1ubuntu2 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libpam-modules 1.1.8-1ubuntu2
ProcVersionSignature: Ubuntu 3.13.0-36.63-generic 3.13.11.6
Uname: Linux 3.13.0-36-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Sep 12 12:22:09 2014
InstallationDate: Installed on 2014-01-26 (228 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
SourcePackage: pam
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Simon Déziel (sdeziel) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pam (Ubuntu):
status: New → Confirmed
Brian Murray (brian-murray)
Changed in pam (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Steve Langasek (vorlon) wrote :

This is a bug in the /etc/pam.d/login configuration, which has:

session optional pam_motd.so motd=/run/motd.dynamic noupdate
session optional pam_motd.so

This tells login to display the dynamic motd /without updating it/, and then to call pam_motd again for the static motd... and updating the dynamic file. So the motd displayed will always be one run out of date.

The ssh package has this the correct way around:

session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate

affects: pam (Ubuntu) → shadow (Ubuntu)
Changed in shadow (Ubuntu):
assignee: nobody → Colin Watson (cjwatson)
status: Confirmed → Triaged
Colin Watson (cjwatson)
Changed in shadow (Ubuntu):
assignee: Colin Watson (cjwatson) → nobody
Revision history for this message
Casey Stone (tcstone) wrote :

Hello: This affects my server(s), 14.04.2 LTS. In fact I just logged in and got information that was 11 days old. I rely on the welcome message especially to tell me when I need to REBOOT for some automatically-installed (perhaps security) updates to be fully applied. Perhaps a wiser sysadmin would have a better way to be notified about that!

Anyway, could this bug perhaps be assigned to someone and solved soon please?

Revision history for this message
Michael (k-i4fo-b) wrote :

Same here on 14.04 , MOTD doen't get updated.

/etc/pam.d/login:

[...]
session optional pam_motd.so motd=/run/motd.dynamic noupdate
session optional pam_motd.so
[...]

/etc/pam.d/sshd:

[...]
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
[...]

Please fix this as we use the MOTD for update-infos and other stuff.

Regards!

Revision history for this message
Shaun Bouckaert (train-meditations) wrote :

Although /run/motd.dynamic is being updated, it's being updated after being displayed, which is why you see the old one from the previous login. After commenting out the second line with no arguments:

session optional pam_motd.so # [1]

/run/motd.dynamic was no longer being updated on login so I knew this was the line triggering the udpate.

After moving the noupdate to this line I was seeing the freshly generated motd.dynamic on login.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (6.7 KiB)

This bug was fixed in the package shadow - 1:4.2-3.1ubuntu1

---------------
shadow (1:4.2-3.1ubuntu1) xenial; urgency=low

  * Merge from Debian unstable.
    - Includes pam_loginuid in login PAM config. LP: #1067779.
    - Fixes typo in usermod -h output. LP: #1348873.
  * Remaining changes:
    - debian/passwd.upstart: Add an upstart job to clear locks on
      [shadow-]passwd/group.
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{source_shadow.py,rules}: Add apport hook
    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
      /etc/update-motd.d/* scripts twice.
    - debian/patches/1010_extrausers.patch: Add support to passwd for
      libnss-extrausers
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/userns/subuids-nonlocal-users: Don't limit
      subuid/subgid support to local users.
  * Dropped changes, included in Debian:
    - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
    - Add uidmap package based on upstream patches that introduce
      newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
      updates on those to widen the default allocation to 65536 uids and gids
      and only assign ranges to non-system users.
    - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
      error cases.
  * Dropped changes, included upstream:
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout.
    - debian/patches/496_su_kill_process_group: Kill the child process group,
      rather than just the immediate child.
  * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
    than the first, ensuring /run/motd.dynamic is always populated and shown
    on the first login after boot. LP: #1368864.
  * Don't call 'pam_exec uname', a change adopted in Debian without
    coordination with the Debian PAM maintainer
  * Use dh_installinit now for installing the upstart job, as we no longer
    generate a dependency on upstart-job.
  * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
    LP: #1304505
  * Add a systemd unit to go with the upstart job, so that lock clearing works
    on newer Ubuntu releases.

shadow (1:4.2-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix error handling in busy user detection. (Closes: #778287)

shadow (1:4.2-3) unstable; urgency=low

  * Enforce hardened builds to workaround cdbs sometimes not building
    with hardening flags as in 1:4.2-2+b1
    Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich
    For providing a working patch.

shadow (1:4.2-2) unstable; urgency=low

  * The "Soumaintrain" release
  * The "Rigotte de Condrieu" release was 4.2-1
  * Upload to unstable
  * Last upload integrates the use of dh_autoreconf which has the same
    effect then Eric Dorland's patch in 1:4.1.5.1-1.1 ...

Read more...

Changed in shadow (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.