1. Can't write to /etc/shadow

Problem

$ sudo passwd -e example_user
passwd: failure while writing changes to /etc/shadow


$ sudo fuser -v /etc/shadow
[ no output ]


$ sudo ls -l /etc/shadow+
-rw-r-----+ 1 root shadow 1556 Mar 29 17:45 /etc/shadow+

Given that /etc/shadow+ has been successfully created with the diffs of the change, it's evident that /etc is mounted read-write so it's not a filesystem problem.

Nothing appears to be locking the /etc/shadow file.

Cause

The root cause in my case were long-running jobs started using su. By some mechanism I haven't yet determined, su causes a stealthy lock on /etc/shadow that defeats all password operations whilst it is active.

Solution

Close active su sessions and retry.

2.apt-cacher-ng strange name resolution failure

Problem

After adding Ubuntu PPA specifications to client machines, apt-cacher-ng fails with a name resolution error:

Error resolving ppa.launchpad.net: 503 DNS error for hostname ppa.launchpad.net: Name or service not known. If debrep refers to a configured cache repository, please check the corresponding configuration file.

However visiting the PPA URL in a browser works successfully.

Cause

ppa.launchpad.net is not IPv6-enabled and there does not have an AAAA RR in DNS. apt-cacher-ng was choking on this.

Solution

Bypass apt-cacher-ng for PPA URLs by adding this line to the 02Proxy file in /etc/apt/apt.conf.d/ on the client machines, after the proxy specification:

Acquire::HTTP::Proxy::ppa.launchpad.net "DIRECT";

3. Audio IO fails in KDE applications

Problem

Audio playback and capture fails with a variety of ambiguous error messages:

- vlc reports 'Unable to connect to Pulse Audio, permission denied' - Phonon reports 'Too many open files' - All audio devices disappear in KDE System Settings

Cause

An IPC conflict between firejail and the behemoth Pulse Audio:

https://l3net.wordpress.com/2015/10/14/firejail-0-9-32-rc1-release-announcement/

Solution

Edit /etc/pulse/default.pa appending:

load-module module-native-protocol-unix

to

load-module module-native-protocol-unix srbchannel=no

4. Periodic stuttering in NFS-streamed video playack with 4.4 kernels

Problem

Periodic stutter in video playback when streaming from a LAN NFS share, usually occuring every 20 seconds or thereabouts. Evident with iwl4965 driver.

Cause

RTS hand-shaking disabled by the default wireless configuration.

Solution

Re-enable with:

iw phy0 set rts 500

and check enabled with:

iw phy phy0 info | grep -i rts

5. Silent davical failures after upgrading to Ubuntu 16.04

Problem

davical ceases to provide calendar data in response to PROPFIND requests from clients, returning only a 500 status. Debugging by instrumenting /etc/davical/{conf}.php provides no further elucidation, but instrumenting /usr/share/davical/CalDAVRequest.php shows execution aborting at this line:

$xml_parser = xml_parser_create_ns('UTF-8');

Cause

Running php -a at the command line and executing the above line results in:

PHP Warning:  Uncaught Error: Call to undefined function  xml_parser_create_ns

Cause

Ubuntu 16.04 does not have a dependency link between the davical package and the provider of the required function, php7.0-xml. Resolve with:

sudo apt-get install php7.0-xml

This also repairs the dotclear blogging package.

6. Firefox 60 fails to render when run under Firejail

Problem

Firefox 60 shows only a blank page when attempting to load any web page, even about:config

Cause

Firefox 60 on Linux uses some syscalls to create a container in which the rendering executes. Firejail prevents these privileged calls from being executed.

Solution

Change the seccomp denial entry in /etc/firejail/firefox.profile from:

seccomp

to the list of denied capabilities:

seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice

7. /tmp/ cleared upon boot

Problem

/tmp/ is cleared of personal files on boot, without prompting

Cause

systemd thinks that it is being helpful and nukes the /tmp/ directory on startup

Solution

As root edit /usr/lib/tmpfiles.d/tmp.conf and comment-out the line:

D /tmp/ 1777 root root -

However this file will be reverted to defaults each time that systemd is updated. To prevent that make it immutable with chattr -i