Bug#1104693: systemd: user services get wrong environment

Klaus Stein steink at istik.de
Sun May 4 19:24:05 BST 2025 

Package: systemd
Version: 254.22-1~bpo12+1
Severity: normal

A service installed by a user with
~/> systemctl --user enable someservice
(which means it is autostarted on user login)
inherits the wrong environment (e.g. the PATH is set to the root path:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin).
It is different from the environment that is printed by
~/> systemctl --user show-environment
If the user restarts the service it gets the expected environment.

# Step by step description #

I created the following setup to debug the situation:

1. Create new user testuser
2. Create debug.service (attached), which is a simple service I created
    that logs the current environment to /tmp/debug_env.log
3. Log in (gdm, into gnome) as testuser, run
    testuser:~/> systemctl --user enable debug
4. Log out, make sure no testuser processes are running
5. Log in again
6. Inspect content of /tmp/debug_env.log
    (attached as after-login_debug_env.log):
    While some environment variables are set correctly
    (e.g. USER=testuser) others are inherit from root (e.g.
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
7. Restart the service:
    testuser:~/> systemctl --user restart debug
8. Inspect content of /tmp/debug_env.log
    (attached as after-restart_debug_env.log) again:
    Now I get a different environment, especially
    PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

The environment I get in 8. is the same that
testuser:~/> systemctl --user show-environment 
 >systemd-gui-user-environment.log
(file is attached) shows.

I expect the environment in the service to be the same as what
~/> systemctl --user show-environment
shows me.

# Original error occurence #

I stumbled upon this when using emacs.service:
~/> systemctl --user enable emacs
After reboot/new login:
~/> emacsclient -e '(getenv "PATH")'
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
~/> systemctl --user restart emacs
~/> emacsclient -e '(getenv "PATH")'
"/home/steink/bin:/home/steink/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/steink/.gem/ruby/3.1.0/bin"
This is the PATH which is (dynamically) constructed from ~/.profile.

# Additional system information #

The laptop has a fresh bookworm install.
On another laptop where I upgraded from bullseye I did not see this problem.

I first noticed the problem with the original systemd package. During 
debugging I upgraded to systemd from backports, the problem persisted.

If I login testuser on the text console (tty4) and do
testuser:~/> systemctl --user show-environment 
 >/tmp/systemd-console-user-environment.log
(file is attached) I get the root environment.

So I assume the systemd user environment is somehow modified during 
graphical startup and the emacs.service (or debug.service) is simply
started too early.

I would want a consistant behaviour for this (and at least not sbin in 
the PATH). It would make things easier if I get the environment
(PATH and others) from ~/.profile (which I end up getting on graphical
login, but too late?), even though this is not documented systemd
behaviour as far as I understand this.

I also attached
~/> systemd-cgls >/tmp/systemd-cgls.log

I don't fully understand the systemd startup in debian (I still have to 
adapt to systemd) so I may be completely wrong (is there some overview
document for the whole thing?).

Thanks a lot for your work!


-- Package-specific info:

-- System Information:
Debian Release: 12.10
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable'), (100, 'bookworm-fasttrack'), (100, 
'bookworm-backports-staging')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.22+bpo-amd64 (SMP w/14 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE 
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl1            2.3.1-3
ii  libaudit1          1:3.0.9-1
ii  libblkid1          2.38.1-5+deb12u3
ii  libc6              2.36-9+deb12u10
ii  libcap2            1:2.66-4+deb12u1
ii  libcryptsetup12    2:2.6.1-4~deb12u2
ii  libfdisk1          2.38.1-5+deb12u3
ii  libgcrypt20        1.10.1-3
ii  libkmod2           30+20221128-1
ii  liblz4-1           1.9.4-1
ii  liblzma5           5.4.1-1
ii  libmount1          2.38.1-5+deb12u3
ii  libp11-kit0        0.24.1-2
ii  libseccomp2        2.5.4-1+deb12u1
ii  libselinux1        3.4-1+b6
ii  libssl3            3.0.16-1~deb12u1
ii  libsystemd-shared  254.22-1~bpo12+1
ii  libsystemd0        254.22-1~bpo12+1
ii  libzstd1           1.5.4+dfsg2-5
ii  mount              2.38.1-5+deb12u3
ii  systemd-dev        254.22-1~bpo12+1

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]   1.14.10-1~deb12u1
ii  systemd-timesyncd [time-daemon]  254.22-1~bpo12+1

Versions of packages systemd suggests:
ii  libfido2-1            1.12.0-2+b1
ii  libqrencode4          4.1.1-1
ii  libtss2-esys-3.0.2-0  3.2.1-3
ii  libtss2-mu0           3.2.1-3
ii  libtss2-rc0           3.2.1-3
ii  polkitd               122-3
ii  python3               3.11.2-1+b1
pn  python3-pefile        <none>
pn  systemd-boot          <none>
ii  systemd-container     254.22-1~bpo12+1
pn  systemd-homed         <none>
pn  systemd-resolved      <none>
pn  systemd-userdbd       <none>

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.10-1~deb12u1
pn  dracut             <none>
ii  initramfs-tools    0.142+deb12u3
ii  libnss-systemd     254.22-1~bpo12+1
ii  libpam-systemd     254.22-1~bpo12+1
ii  udev               254.22-1~bpo12+1

-- no debconf information

-- 
http://lapiz.istik.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug.service
Type: text/x-dbus-service
Size: 168 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20250504/0a40d4d9/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: after-login_debug_env.log
Type: text/x-log
Size: 766 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20250504/0a40d4d9/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: after-restart_debug_env.log
Type: text/x-log
Size: 1377 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20250504/0a40d4d9/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-gui-user-environment.log
Type: text/x-log
Size: 1093 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20250504/0a40d4d9/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-console-user-environment.log
Type: text/x-log
Size: 463 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20250504/0a40d4d9/attachment-0010.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-cgls.log
Type: text/x-log
Size: 11450 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20250504/0a40d4d9/attachment-0011.bin>

More information about the Pkg-systemd-maintainers mailing list