Bug 843925

Summary: Updating openssh-server in Rawhide logs you out in the middle of the yum transaction
Product: [Fedora] Fedora Reporter: Richard W.M. Jones <rjones>
Component: systemdAssignee: systemd-maint
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: johannbg, lnykryn, mattias.ellert, metherid, mgrepl, msekleta, notting, plautrba, systemd-maint, tmraz, vpavlin
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-30 07:31:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Richard W.M. Jones 2012-07-27 17:00:59 UTC 
Description of problem:

# yum update
...
...
...
  Cleanup    : xorg-x11-drivers-7.4-8.fc18.x86_64                     1237/2465 
  Cleanup    : spice-gtk3-0.12-4.fc18.x86_64                          1238/2465 
  Cleanup    : rpm-build-4.10.0-2.fc18.x86_64                         1239/2465 
  Cleanup    : 1:NetworkManager-0.9.4-5.git20120521.fc18.x86_64       1240/2465 
  Cleanup    : libmx-1.4.6-2.fc18.x86_64                              1241/2465 
  Cleanup    : clutter-gst-1.6.0-1.fc18.x86_64                        1242/2465 
  Cleanup    : 1:nfs-utils-1.2.6-7.fc18.x86_64                        1243/2465 
  Cleanup    : 1:net-snmp-5.7.1-7.fc18.x86_64                         1244/2465 
  Cleanup    : spice-glib-0.12-4.fc18.x86_64                          1245/2465 
  Cleanup    : perl-Git-1.7.10.4-1.fc18.noarch                        1246/2465 
  Cleanup    : git-1.7.10.4-1.fc18.x86_64                             1247/2465 
  Cleanup    : pulseaudio-module-gconf-2.0-3.fc18.x86_64              1248/2465 
  Cleanup    : pulseaudio-2.0-3.fc18.x86_64                           1249/2465 
  Cleanup    : poppler-utils-0.20.0-1.fc18.x86_64                     1250/2465 
  Cleanup    : evince-libs-3.5.2-1.fc18.x86_64                        1251/2465 
  Cleanup    : setroubleshoot-server-3.1.12-3.fc18.x86_64             1252/2465 
  Cleanup    : clutter-gtk-1.3.2-1.fc18.x86_64                        1253/2465 
  Cleanup    : php-devel-5.4.4-2.fc18.x86_64                          1254/2465 
  Cleanup    : openssh-server-5.9p1-23.fc18.x86_64                    1255/2465 
Connection to 192.168.122.53 closed by remote host.
Connection to 192.168.122.53 closed.

Oops.

Version-Release number of selected component (if applicable):

As best I can tell the versions before and after the update were:
openssh-server-5.9p1-23.fc18.x86_64
openssh-server-5.9p1-24.fc18.x86_64

How reproducible:

Once.
Comment 1 Richard W.M. Jones 2012-07-27 17:26:40 UTC 
This bug also makes it impossible to recover the
transaction, since:

Remove  1202 Packages

Installed size: 2.0 G
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : openssh-server-5.9p1-23.fc18.x86_64                       1/1202 
Connection to 192.168.122.53 closed by remote host.
Connection to 192.168.122.53 closed.


I couldn't even use 'screen'.  It seems as if the cleanup
script must actually be killing a whole process group
or something like that.

My solution was:

sudo rpm -e --noscripts openssh-server-5.9p1-23.fc18.x86_64
Comment 2 Tomas Mraz 2012-07-27 18:32:50 UTC 
Do you have pam_systemd.so in /etc/pam.d/password-auth and /etc/pam.d/system-auth?
Comment 3 Richard W.M. Jones 2012-07-27 18:40:00 UTC 
# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so


cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
Comment 4 Tomas Mraz 2012-07-27 19:07:08 UTC 
As the module is there, there must be a regression in systemd and/or pam_systemd.
Comment 5 Petr Lautrbach 2012-07-30 06:48:32 UTC 
This is probably same issue as https://bugzilla.redhat.com/show_bug.cgi?id=835534 -
Comment 6 Richard W.M. Jones 2012-07-30 07:31:30 UTC 

*** This bug has been marked as a duplicate of bug 835534 ***