Bug#851243: libpam-systemd: pam_systemd does not catch supplementary groups from pam_group
Juha Erkkilä
Juha.Erkkila at opinsys.fi
Fri Feb 24 10:53:35 GMT 2017
Here is a workaround for this problem. It is possible to create
a file /etc/systemd/system/user at .service.d/override.conf with
the following contents:
[Service]
SupplementaryGroups=dialout
Now, when used in conjunction with pam_group as specified in the
bug report, all desktop processes' group permissions are correct.
The pam_group-mechanism is responsible for setting the supplementary
groups for some processes, and the other processes (which are spawned
by the systemd user manager instance, I presume) get the same groups
through this other mechanism.
The end result is not exactly the same, though, because the pam_group
mechanism can be used to set a different set of groups for each
pam-service.
Juha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20170224/38862083/attachment.html>
More information about the Pkg-systemd-maintainers
mailing list