[pkg-gnupg-maint] Bug#1101471: Bug#1101471: starting of agent for system accounts is inacceptable
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Apr 15 17:03:27 BST 2025
On Sun 2025-04-13 15:21:43 +0200, Marc Haber wrote:
> On Wed, Apr 09, 2025 at 04:39:14PM -0400, Daniel Kahn Gillmor wrote:
>>Marc, what does this command show for you?
>>
>> gpgconf --list-options gpg-agent | grep ^enable-ssh-agent:
>
> Nothing.

Sorry, this should have been:

    gpgconf --list-options gpg-agent | grep '^enable-ssh-support:'

> It looks like the unit is started once an ansible run is invoked with
> this account, as:
>
> [20/5005]mh at spinturn:~ $ sudo ls -al /run/user/2530/systemd/units
> total 0
> drwxr-xr-x 2 zgansible nogroup 80 Apr 13 15:16 .
> drwxr-xr-x 5 zgansible nogroup 140 Apr 13 15:16 ..
> lrwxrwxrwx 1 zgansible nogroup 32 Apr 13 15:16 invocation:gpg-agent.socket -> c8306e63c8d94fb7b83466a89bcb6fbd
> lrwxrwxrwx 1 zgansible nogroup 32 Apr 13 15:16 invocation:gpg-agent-ssh.socket -> 911379f7cd814041bba22f208878aef4
> [21/5006]mh at spinturn:~ $
>
> and this unit seems to stay around for a while (or indefinitely?) after
> the user has logged out after finishing the ansible run.

AFAIK, systemd *should* clean up the user units after the ansible run is
complete, if the ansible user terminates cleanly. How is the ansible
run triggered? Is systemd lingering for this user?

You can use "loginctl" to interrogate whether lingering is enabled for a
given user or session (e.g., the list-users, user-status, and show-user
subcommands).

--dkg
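
The two checks discussed in this message (are gpg-agent socket units still present for an account, and is lingering enabled for it) combined into one audit script. This is an added example, not part of the original email or of the Debian packaging. The function names are hypothetical, the `/run/user/<uid>/systemd/units` layout is taken from the listing quoted above, and `Linger` and `State` are properties printed by `loginctl show-user`.

```shell
#!/bin/sh
# Added example: find user runtime dirs that still hold gpg-agent socket
# units and report whether lingering explains why they are still there.
# Run as root: /run/user/<uid> is not readable by other users.

# parse_show_user: read `loginctl show-user` KEY=VALUE lines on stdin.
parse_show_user() {
    awk -F= '
        $1 == "Linger" { linger = $2 }
        $1 == "State"  { state = $2 }
        END {
            if (linger == "") linger = "unknown"
            if (state == "")  state = "unknown"
            printf "linger=%s state=%s\n", linger, state
        }'
}

# agent_units RUNDIR: names of gpg-agent socket units recorded under
# RUNDIR/systemd/units (the "invocation:<unit>" links in the listing).
agent_units() {
    for link in "$1"/systemd/units/invocation:gpg-agent*.socket; do
        [ -L "$link" ] || continue      # also skips an unexpanded glob
        basename "$link" | sed 's/^invocation://'
    done
}

# audit [RUNBASE]: one line per UID that has gpg-agent sockets present.
audit() {
    base=${1:-/run/user}
    for dir in "$base"/*; do
        [ -d "$dir" ] || continue
        units=$(agent_units "$dir" | paste -sd, -)
        [ -n "$units" ] || continue
        uid=$(basename "$dir")
        info=$(loginctl show-user "$uid" --property=Linger \
                   --property=State 2>/dev/null | parse_show_user)
        echo "uid=$uid $info units=$units"
    done
}

# Only audit the live system when asked to explicitly.
if [ "${1:-}" = "--run" ]; then audit /run/user; fi
```

A line reporting `linger=no` with a state other than `active` or `online` is the case asked about here: the sockets are outliving the session without lingering to account for it.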