Hide Forgot
Description of problem: After upgrading to F16 I had big problems with all around the system. gnome-shell wasn't starting, sound wasn't working, simple-scan couldn't work. All was caused by missing ACLs. I found that logged in user does not have "seat0" attached, so no ACLs are granted: # systemd-loginctl SESSION UID USER SEAT 49 500 zdzichu 392 500 zdzichu (here you see one session from GDM-autologin and second from ssh login). I've checked with another user, with UID 1039 - this user don't get seat attached also. logind seems to work fine, here's what caused by cron jobs: Dec 11 19:05:01 mother systemd-logind[1307]: New session 560 of user mailman. Dec 11 19:05:02 mother systemd-logind[1307]: Removed session 560. And the seat is present: # systemd-loginctl list-seats SEAT seat0 1 seats listed. [root@mother 002]# systemd-loginctl seat-status seat0 seat0 Devices: ├ /sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1 │ (input:input1) "Power Button" ├ /sys/devices/LNXSYSTM:00/device:00/PNP0C0C:00/input/input0 │ (input:input0) "Power Button" ├ /sys/devices/pci0000:00/0000:00:02.0/drm/card0 │ (drm:card0) ├ /sys/devices/pci0000:00/0000:00:02.0/graphics/fb0 │ (graphics:fb0) "inteldrmfb" ├ /sys/devices/pci0000:00/0000:00:1a.0/usb1 │ (usb:usb1) │ └ /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1 │ (usb:1-1) │ ├ /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/video4linux/video0 │ │ (video4linux:video0) "gspca main driver" │ ├ /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.1/sound/card1 │ │ (sound:card1) "U0x46d0x8da" │ └ /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/input/input47 │ (input:input47) "zc3xx" ├ /sys/devices/pci0000:00/0000:00:1b.0/sound/card0 │ (sound:card0) "PCH" │ ├ /sys/devices/pci0000:00/0000:00:1b.0/sound/card0/input5 │ │ (input:input5) "HDA Intel PCH HDMI/DP" │ ├ /sys/devices/pci0000:00/0000:00:1b.0/sound/card0/input6 │ │ (input:input6) "HDA Intel PCH HDMI/DP" │ └ /sys/devices/pci0000:00/0000:00:1b.0/sound/card0/input7 │ (input:input7) "HDA Intel PCH Headphone" ├ /sys/devices/pci0000:00/0000:00:1c.6/0000:06:00.0/usb3 │ (usb:usb3) ├ /sys/devices/pci0000:00/0000:00:1c.6/0000:06:00.0/usb4 │ (usb:usb4) ├ /sys/devices/pci0000:00/0000:00:1d.0/usb2 │ (usb:usb2) │ └ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1 │ (usb:2-1) │ ├ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2 │ │ (usb:2-1.2) │ └ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3 │ (usb:2-1.3) │ ├ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3.2/2-1.3.2:1.0/input/input2 │ │ (input:input2) " USB Keyboard" │ ├ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3.2/2-1.3.2:1.1/input/input3 │ │ (input:input3) " USB Keyboard" │ └ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3.4/2-1.3.4:1.0/input/input35 │ (input:input35) "Logitech Optical USB Mouse" └ /sys/devices/virtual/misc/rfkill (misc:rfkill) I've run authconfig to regenerate *auth-ac files and *auth symlinks in pam.d. Those look fine: # cat system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so debug=yes session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so [root@mother pam.d]# [root@mother pam.d]# cat password-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so debug=yes session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so (I've added debug=yes during investigation, but it did not generate any additional info from loginctl). What's next? Version-Release number of selected component (if applicable): systemd-37-3.fc16.i686 pam-1.1.5-1.fc16.i686 authconfig-6.1.16-2.fc16.i686 gdm-3.2.1.1-8.fc16.i686 How reproducible: Always. Steps to Reproduce: 1. Start computer 2. Wait for GDM to auto-log configured in user OR manually log in 3. Observer no seat attached to user -> no ACLs.
PAM is not doing any seat assignment anymore. It is probably either gdm or systemd problem.
(In reply to comment #0) > # systemd-loginctl > SESSION UID USER SEAT > 49 500 zdzichu > 392 500 zdzichu What else does logind know about the sessions? Try: systemd-loginctl session-status 49
49 is a ssh session, not so much interesting. 392 is graphical login. Both below: % systemd-loginctl session-status 49 49 - zdzichu (500) Since: Sat, 10 Dec 2011 17:12:40 +0100; 3 days ago Leader: 9865 TTY: ssh Remote: sandworm.local Service: sshd; type tty Active: yes CGroup: /user/zdzichu/49 ├ 6235 /usr/libexec/vino-server ├ 6237 /usr/libexec/gvfsd ├ 6246 /usr/libexec/mission-control-5 ├ 6250 /usr/libexec/goa-daemon ├ 6255 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets ├ 9928 /bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session ├ 9955 SCREEN ├ 9956 /bin/zsh ├ 9987 su - ├ 9992 -bash ├ 10265 /bin/sh /root/bin/logwatch ├ 10266 tail --follow=name --max-unchanged-stats=60 /var/log/vsftpd.log /var/log/httpd/access_log /var/log/messages /var/log/httpd/ssl_access_log /var/log/maillo... ├ 10267 ccze -A ├ 10805 /bin/zsh ├ 10835 irssi ├ 10875 /bin/zsh ├ 10906 /bin/zsh ├ 11549 /bin/zsh ├ 12698 sh /home/zdzichu/bin/sd t ├ 12699 slrn --nntp -f /home/zdzichu/.jnewsrc ├ 17562 mutt ├ 21756 systemd-loginctl session-status 49 ├ 24856 /bin/zsh ├ 24887 su - └ 24894 -bash % systemd-loginctl session-status 392 392 - zdzichu (500) Since: Sun, 11 Dec 2011 10:25:49 +0100; 2 days ago Leader: 31525 (gdm-session-wor) Display: :0 Service: gdm-password; type x11 Active: yes CGroup: /user/zdzichu/392 ├ 7014 /usr/libexec/gvfsd-metadata ├ 17758 totem /home/common/seriale/Dexter/Dexter s06/Dexter.S06E02.Once.Upon.a.Time.HDTV.XviD-FQM.avi ├ 31525 gdm-session-worker [pam/gdm-password] ├ 31556 gnome-session ├ 31565 dbus-launch --sh-syntax --exit-with-session ├ 31566 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session ├ 31628 /usr/libexec/imsettings-daemon ├ 31631 /usr/libexec/gvfsd ├ 31704 /usr/libexec/gconfd-2 ├ 31713 /usr/libexec/gnome-settings-daemon ├ 31715 /usr/bin/pulseaudio --start ├ 31724 /usr/libexec/pulse/gconf-helper ├ 31732 /usr/libexec/gsd-printer ├ 31737 /usr/libexec/gvfs-gdu-volume-monitor ├ 31743 /usr/libexec/gvfs-afc-volume-monitor ├ 31746 /usr/libexec/gvfs-gphoto2-volume-monitor ├ 31747 gnome-shell --sm-client-id 10e2450a3d63b3c5b8131827096097255100000032950000 ├ 31757 /usr/libexec/dconf-service ├ 31761 nm-applet ├ 31762 /usr/libexec/evolution/3.2/evolution-alarm-notify ├ 31764 abrt-applet ├ 31765 /usr/sbin/restorecond -u ├ 31768 /usr/libexec/tracker-miner-fs ├ 31769 /usr/libexec/tracker-miner-flickr ├ 31770 /usr/libexec/gdu-notification-daemon ├ 31778 /usr/libexec/tracker-store ├ 31789 /usr/bin/seapplet ├ 31794 gnome-screensaver ├ 31815 /usr/lib/firefox/firefox --sm-config-prefix /firefox-5ytQgW/ --sm-client-id 10d2c346f4f910ff89132069292638160200000031250041 --screen 0 ├ 31856 /usr/libexec/e-calendar-factory ├ 31872 /usr/libexec/e-addressbook-factory ├ 31879 /usr/libexec/goa-daemon ├ 31895 /usr/libexec/gnome-shell-calendar-server ├ 31899 /usr/libexec/mission-control-5 ├ 32041 /usr/libexec/libsocialweb-core ├ 32197 python /usr/bin/quodlibet ├ 32221 nautilus ├ 32228 /usr/libexec/gvfsd-trash --spawner :1.4 /org/gtk/gvfs/exec_spaw/0 └ 32234 /usr/libexec/gvfsd-burn --spawner :1.4 /org/gtk/gvfs/exec_spaw/1
The thing must be having some problem with mapping the display name to the seat. Does the Xorg process have a controlling terminal?: ps -o tty $(pidof Xorg)
% ps aux | grep Xorg root 31450 0.3 0.1 24504 12084 tty7 Ss+ Dec11 13:12 /usr/bin/Xorg :0 -br -verbose -logverbose 7 -auth /var/run/gdm/auth-for-gdm-chwlyD/database -nolisten tcp zdzichu@mother:/tmp% ps -o tty 31450 TT tty7 Hm, weird number, but it does have. This whole "automatic multiseat" could be a little bit more documented.
As discussed on IRC... When you have time, please obtain debug output from pam_systemd.so (it should be in /var/log/secure) with this patch applied: http://cgit.freedesktop.org/systemd/commit/?id=ce9593140b127ce782e2fa2f47fc55558b331126
Dec 15 01:12:36 mother gdm-autologin][2042]: pam_systemd(gdm-autologin:session): Asking logind to create session: uid=500 pid=2042 service=gdm-autologin type=x11 seat= vtnr=0 tty= dis play=:0 remote=no remote_user= remote_host= Dec 15 01:12:36 mother gdm-autologin][2042]: pam_systemd(gdm-autologin:session): Reply from logind: id=1 object_path=/org/freedesktop/login1/session/1 runtime_path=/run/user/zdzichu s ession_fd=12 seat= vtnr=0 Dec 15 01:12:36 mother gdm-autologin][2042]: pam_unix(gdm-autologin:session): session opened for user zdzichu by (uid=0) Computer was restarted, ps -o tty $(pidof Xorg) TT tty1
OK, so after investigation, separate /tmp dir caused by pam_namespace was to blame. I disabled private /tmp and problem went away. Actual fault came from line #304 in pam-module.c. connect() to /tmp/.X11-unix/X0 was failing with errno =2 (no such file). Indeed, this socket wasn't available in user's /tmp. Lennart suggested that pam_systemd could be modified to connect to abstract socket first.