Bug#922647: Info received (Bug#922647: systemd --user no longer running)

Steve Langasek vorlon at debian.org
Sun Mar 10 03:50:48 GMT 2019 

On Sat, Mar 09, 2019 at 08:25:50PM +0100, Michael Biebl wrote:
> [bringing Steve, our pam maintainer, into the loop]

> Hi Steve,

> the following looks like an issue in pam-auth-update and similar to
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923362

> Any idea what might be going wrong there?

If it's the same as bug #923362, note that this bug was closed as invalid as
the user had a corrupt debconf database that was somehow causing the wrong
information to be returned to pam-auth-update.

So it's quite possible this is a latent debconf database corruption problem
on end users' systems, which is only tickled now as a result of there being
a new upstream version of pam causing pam debconf prompts for the first time
in a few years.

I would suggest taking a snapshot of /var/cache/debconf, then running
/usr/share/debconf/fix_db.pl as the submitter of the other bug did, then
diffing to see what has changed if anything.

> Am 09.03.19 um 19:55 schrieb Julien Leproust:
> > Hi,
> > 
> > Well we're in luck, I have etckeeper installed since 2012.
> > 
> > On both machines, I never edited /etc/pam.d/common-* manually.
> > 
> > * fc3256a - Sat, 9 Mar 2019 12:59:20 +0100 (7 hours ago) (HEAD -> master)
> > |           daily autocommit - root
> > * efc0d23 - Thu, 7 Feb 2019 23:16:46 +0100 (4 weeks ago)
> > |           committing changes in /etc made by "aptitude" - root
> > * 6d1fbcf - Tue, 20 Feb 2018 22:51:34 +0100 (1 year, 1 month ago)
> > |           committing changes in /etc after apt run - root
> > * 72d4029 - Tue, 19 Apr 2016 22:00:51 +0200 (2 years, 11 months ago)
> > |           committing changes in /etc after apt run - root
> > * 50f69ee - Sat, 1 Mar 2014 15:33:33 +0100 (5 years ago)
> > |           committing changes in /etc after apt run - root
> > * dee824f - Sat, 4 Aug 2012 10:55:33 +0200 (7 years ago)
> >             Initial commit - root
> > 
> > The modification today is the fix using pam-auth-update.
> > 
> > The last modification, which broke pam_systemd.so, was triggered by
> > libpam-cap:amd64 (1:2.25-2). The update triggered pam-auth-update, and
> > /var/log/apt/term.log shows the choices I made:
> > 
> > ────────────────────────┤ PAM configuration ├───────────────────────
> > Pluggable Authentication Modules (PAM) determine how authentication,
> > authorization, and password changing are handled on the system, as
> > well as allowing configuration of additional actions to take when
> > starting user sessions.
> > 
> > Some PAM module packages provide profiles that can be used to
> > automatically adjust the behavior of all PAM-using applications on
> > the system.  Please indicate which of these behaviors you wish to
> > enable.
> > 
> > PAM profiles to enable:
> > 
> >    [*] Unix authentication
> >    [*] Register user sessions in the systemd control group ...
> >    [ ] Create home directory on login
> >    [*] GNOME Keyring Daemon - Login keyring management
> >    [*] Inheritable Capabilities Management
> > 
> > 
> >                   <Ok>                       <Cancel>
> > 
> > ────────────────────────────────────────────────────────────────────
> > 
> > And then, pam_systemd.so was incorrectly removed? I'm sure you're going
> > to assume I disabled the second option, but I really doubt this.
> > 
> > Previous modifications:
> > - 20 Feb 2018: removal of libpam-ck-connector
> > - 19 Apr 2016: installation of libpam-cgfs
> > - 1 Mar 2014: installation of libpam-systemd
> > 
> > Initial state for reference in August 2012:
> > =======================================================================
> > #
> > # /etc/pam.d/common-session - session-related modules common to all
> > services
> > #
> > # This file is included from other service-specific PAM config files,
> > # and should contain a list of modules that define tasks to be performed
> > # at the start and end of sessions of *any* kind (both interactive and
> > # non-interactive).
> > #
> > # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
> > # To take advantage of this, it is recommended that you configure any
> > # local modules either before or after the default block, and use
> > # pam-auth-update to manage selection of other modules.  See
> > # pam-auth-update(8) for details.
> > 
> > # here are the per-package modules (the "Primary" block)
> > session    [default=1]            pam_permit.so
> > # here's the fallback if no module succeeds
> > session    requisite            pam_deny.so
> > # prime the stack with a positive return value if there isn't one already;
> > # this avoids us returning an error just because nothing sets a success
> > code
> > # since the modules above will each just jump around
> > session    required            pam_permit.so
> > # and here are more per-package modules (the "Additional" block)
> > session    required    pam_unix.so
> > session    optional    pam_systemd.so
> > session    optional            pam_ck_connector.so nox11
> > # end of pam-auth-update config
> > =======================================================================
> > 
> > And today:
> > =======================================================================
> > #
> > # /etc/pam.d/common-session - session-related modules common to all
> > services
> > #
> > # This file is included from other service-specific PAM config files,
> > # and should contain a list of modules that define tasks to be performed
> > # at the start and end of sessions of *any* kind (both interactive and
> > # non-interactive).
> > #
> > # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
> > # To take advantage of this, it is recommended that you configure any
> > # local modules either before or after the default block, and use
> > # pam-auth-update to manage selection of other modules.  See
> > # pam-auth-update(8) for details.
> > 
> > # here are the per-package modules (the "Primary" block)
> > session    [default=1]            pam_permit.so
> > # here's the fallback if no module succeeds
> > session    requisite            pam_deny.so
> > # prime the stack with a positive return value if there isn't one already;
> > # this avoids us returning an error just because nothing sets a success
> > code
> > # since the modules above will each just jump around
> > session    required            pam_permit.so
> > # and here are more per-package modules (the "Additional" block)
> > session    required    pam_unix.so
> > session    optional    pam_systemd.so
> > session    optional    pam_cgfs.so -c freezer,memory,name=systemd
> > # end of pam-auth-update config
> > =======================================================================
> > 
> > I can provide the full git and apt logs, but I'd have to edit them
> > before to hide personal information.
> > 
> > Thanks anyway.
> > 
> > Best regards,
> > 
> 
> 
> -- 
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?
> 




-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190309/39a58499/attachment-0001.sig>

More information about the Pkg-systemd-maintainers mailing list