[Software] xscreensaver /etc/shadow ownership requirements
Posted: 2024-09-11 09:21
Hello,
I run debian bookworm on a work pc that is then managed by a policy agent (jumpcloud).
One of the policies checks /etc/shadow ownership and forces it to be root:root , which is not the debian default according to https://www.debian.org/doc/manuals/debi ... entication .
This breaks xscreensaver log in (as described in another forum : https://forum.sparkylinux.org/index.php?topic=4616.0 ) .
I run xscreensaver 6.06+dfsg1-3+deb12u1
I would like to know why just the group ownership breaks the log in.
I did not find any info in xscreensaver FAQ or manual about this requirement.
Perhaps this has to do with the way the package is compiled for debian? I am not comfortable at all with how debian packaging works nor with anything related to PAM and I need some help.
I searched the forum for 'xscreensaver passwd' and 'xscreensaver shadow' but did not find anything.
I read man 5 shadow but all it said was " This file must not be readable by regular users if password security is to be maintained." -> so if the group is root or shadow, to me it should not make any difference.
Thanks for any hint
I run debian bookworm on a work pc that is then managed by a policy agent (jumpcloud).
One of the policies checks /etc/shadow ownership and forces it to be root:root , which is not the debian default according to https://www.debian.org/doc/manuals/debi ... entication .
This breaks xscreensaver log in (as described in another forum : https://forum.sparkylinux.org/index.php?topic=4616.0 ) .
I run xscreensaver 6.06+dfsg1-3+deb12u1
I would like to know why just the group ownership breaks the log in.
I did not find any info in xscreensaver FAQ or manual about this requirement.
Perhaps this has to do with the way the package is compiled for debian? I am not comfortable at all with how debian packaging works nor with anything related to PAM and I need some help.
I searched the forum for 'xscreensaver passwd' and 'xscreensaver shadow' but did not find anything.
I read man 5 shadow but all it said was " This file must not be readable by regular users if password security is to be maintained." -> so if the group is root or shadow, to me it should not make any difference.
Thanks for any hint