Setuid / Setgid bit not enabled on authproto_pam #190

@lkelley-bec

On both version 1.5.1 and 1.9.0 on Ubuntu 22, running make install or installing via apt does not enable setuid/setgid on authproto_pam. This seems to only have caused issues when the password has expired while the user has been logged in, prompting a password change inside the xsecurelock sign-in workflow.

Steps to reproduce:

  1. make install or apt install xsecurelock
  2. Configure to activate via xss-lock, which itself is set up inside a normal user's .xinitrc
  3. Log in as the normal user, and run passwd --expire (this issue also occurs when a password is older than the max allowed age)
  4. Lock the screen manually by running xset s activate
  5. Log in with the current password, observe the prompt to change the password
  6. Attempt to change the password correctly. After three failed attempts, observe that it lets you in anyways (not sure if this is expected?)
  7. Either lock the screen or log out. Either way, attempt to log back into the account and observe that the password has not been changed.

My workaround was to chmod ug+s authproto_pam, after which point everything works as expected. (The "lets you in after three failed password change attempts" noted in step 6 still occurs, but again I'm not sure if that's expected or not.)
