[Pkg-shadow-devel] Bug#813789: systemd: su -l does not start/attach to user session

Michael Biebl biebl at debian.org
Fri Feb 5 10:36:34 UTC 2016

Am 02/05/2016 um 10:51 AM schrieb Boris Kolpackov:
> Package: systemd
> Version: 215-17+deb8u2
> Severity: normal
> Hi,
> I keep seeing in various places (Debian-related and otherwise) that
> su does not start a new systemd user session because it is not a
> proper login. The symptom is:

Actually in Debian, su *does* start a logind session. If you look at

/etc/pam.d/su it includes /etc/pam.d/common-session

If libpam-systemd is installed, there will be an entry in common-session
like this:
session	optional	pam_systemd.so

If that line is missing, then most likely common-session had local
modifications and those are preserved by pam-auth-update.

So we *do* start a logind session for both su and su -l. It should
probably only be done for the latter. We could actually argue that this
is a bug in Debian in the su configuration.

Fedora/Redhat differentiate su and su -l and ship different pam configs:
/etc/pam.d/su and

> # su -l boris
> $ systemctl --user status
> Failed to get D-Bus connection: Connection refused

If libpam-systemd is installed and enabled, that should actually work.

> To me, it seems su -/-l/--login is just like login (what is the
> conceptual difference between su -l boris and ssh boris at
> It also does not attach to a (lingering) user session, unless I
> manually do:
> export XDG_RUNTIME_DIR=/run/user/`id -u`
> [Note that in this case XDG_SESSION_ID will still be bogus but
> apparently it is harmless since it is for information purposes
> only.]
> It seems the decision whether it is a proper login or not is
> made somewhere in /etc/pam.d/. While looking through the files
> I noticed that the runuser-l file in this directory (but not
> runuser) contains this line:
> -session        optional        pam_systemd.so

If that is the only file with a pam_systemd line, then libpam-systemd is
either not installed or not enabled due to local modifications in

> While this may seem like it should be the solution, runuser -l
> still doesn't start/attach to the user session. So the purpose
> of this extra line is still a mystery to me.
> For completeness, let me mention /usr/share/pam-configs/systemd
> which seems related but I am not sure how.

It's unclear to me, why you filed this as an issue against systemd?
I don't see anything that the systemd package can do about the su
behaviour. su is shipped by the login package.

Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20160205/9991de63/attachment.sig>

More information about the Pkg-shadow-devel mailing list