Bug#922647: Info received (Bug#922647: systemd --user no longer running)

Julien Leproust julien+bts at kwet.org
Sat Mar 9 18:55:41 GMT 2019 

Hi,

Well we're in luck, I have etckeeper installed since 2012.

On both machines, I never edited /etc/pam.d/common-* manually.

* fc3256a - Sat, 9 Mar 2019 12:59:20 +0100 (7 hours ago) (HEAD -> master)
|           daily autocommit - root
* efc0d23 - Thu, 7 Feb 2019 23:16:46 +0100 (4 weeks ago)
|           committing changes in /etc made by "aptitude" - root
* 6d1fbcf - Tue, 20 Feb 2018 22:51:34 +0100 (1 year, 1 month ago)
|           committing changes in /etc after apt run - root
* 72d4029 - Tue, 19 Apr 2016 22:00:51 +0200 (2 years, 11 months ago)
|           committing changes in /etc after apt run - root
* 50f69ee - Sat, 1 Mar 2014 15:33:33 +0100 (5 years ago)
|           committing changes in /etc after apt run - root
* dee824f - Sat, 4 Aug 2012 10:55:33 +0200 (7 years ago)
             Initial commit - root

The modification today is the fix using pam-auth-update.

The last modification, which broke pam_systemd.so, was triggered by 
libpam-cap:amd64 (1:2.25-2). The update triggered pam-auth-update, and 
/var/log/apt/term.log shows the choices I made:

────────────────────────┤ PAM configuration ├───────────────────────
Pluggable Authentication Modules (PAM) determine how authentication,
authorization, and password changing are handled on the system, as
well as allowing configuration of additional actions to take when
starting user sessions.

Some PAM module packages provide profiles that can be used to
automatically adjust the behavior of all PAM-using applications on
the system.  Please indicate which of these behaviors you wish to
enable.

PAM profiles to enable:

    [*] Unix authentication
    [*] Register user sessions in the systemd control group ...
    [ ] Create home directory on login
    [*] GNOME Keyring Daemon - Login keyring management
    [*] Inheritable Capabilities Management


                   <Ok>                       <Cancel>

────────────────────────────────────────────────────────────────────

And then, pam_systemd.so was incorrectly removed? I'm sure you're going 
to assume I disabled the second option, but I really doubt this.

Previous modifications:
- 20 Feb 2018: removal of libpam-ck-connector
- 19 Apr 2016: installation of libpam-cgfs
- 1 Mar 2014: installation of libpam-systemd

Initial state for reference in August 2012:
=======================================================================
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session	[default=1]			pam_permit.so
# here's the fallback if no module succeeds
session	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
session	required	pam_unix.so
session	optional	pam_systemd.so
session	optional			pam_ck_connector.so nox11
# end of pam-auth-update config
=======================================================================

And today:
=======================================================================
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session	[default=1]			pam_permit.so
# here's the fallback if no module succeeds
session	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
session	required	pam_unix.so
session	optional	pam_systemd.so
session	optional	pam_cgfs.so -c freezer,memory,name=systemd
# end of pam-auth-update config
=======================================================================

I can provide the full git and apt logs, but I'd have to edit them 
before to hide personal information.

Thanks anyway.

Best regards,

-- 
Julien Leproust

More information about the Pkg-systemd-maintainers mailing list