permission denied" during some login attempts on Linux

This document (7015864) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11

Situation

Some methods of login to a SUSE Linux server are resulting in a "permission denied" error, resulting in failed login.
 
SIDE NOTE:  Many conditions can cause a permission denied error during login.  Some will prevent login; others will not.  This document does not attempt to describe all possible causes, it only covers one specific scenario.

Resolution

This login failure can be caused by corruption in /var/log/btmp.  That file stores information about failed login attempts.  A change to pam which will allow logins to succeed even if the btmp file is corrupt is available in:
 
SLES 11 SP4, pam-1.1.5-0.17.2, available in maintenance updates as of late June 2016.
 
An alternative way to resolve this is to rename or remove /var/log/btmp.  The system will create a new (intact) copy when needed.  Not all types of failed logins will necessarily create/update this file.
 
The actual conditions that must come together for corrupt /var/log/btmp to cause failed logins are relatively rare.  See the "Cause" section of this document for more details.

Cause

It is not known what caused /var/log/btmp to become corrupt.  Even with corruption, it might not cause a login failure in most situations.  The conditions that all come together to cause actual login failures are:
 
1.  Corruption in /var/log/btmp
2.  The login attempt is controlled by a /etc/pam.d/<service> definition file, in which:
   a.  pam_lastlog.so is in use
   b.  pam_lastlog.so is set as "required" or "requisite" (it is normally considered "optional")
   c.  the "showfailed" option is in use on pam_lastlog.so
 
NOTE:  Some application services announce previous login information without learning it through pam, so it is also conceivable that a corrupt /var/log/btmp could cause failures without the above pam conditions.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7015864
  • Creation Date: 06-Nov-2014
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center