[systemd-devel] pam_systemd.so and su

Christian Hesse list at eworm.de
Thu Mar 22 04:11:30 PDT 2012 

Lennart Poettering <lennart at poettering.net> on Thu, 2012/03/22 02:11:
> On Thu, 22.03.12 00:41, Lennart Poettering (lennart at poettering.net) wrote:
> 
> > On Sun, 18.03.12 16:08, Canek Peláez Valdés (caneko at gmail.com) wrote:
> > 
> > > Hi; I'm using systemd 43 in Gentoo, and I usally have this line at the
> > > end of /etc/pam.d/system-auth:
> > > 
> > > -session        optional        pam_systemd.so
> > > 
> > > When I use su to become root, after logout the following message
> > > appears:
> > > 
> > >  ...killed.
> > > 
> > > Not always, but most of the time. Without the line with
> > > pam_systemd.so, the message never appears.
> > > 
> > > So, two questions:
> > > 
> > > 1. Why is my session being killed at logout time?
> > > 
> > > 2. The pam_systemd.so is really necessary? The "...killed." message
> > > appears after two or three seconds, and it's slightly annoying.
> > 
> > Which version of systemd is this? (If it isnt 44, please upgrade first,
> > then try to reproduce this)
> > 
> > Do you have audit enabled in the kernel and are using pam_loginuid?
> > 
> > Normally, when the pam session close hooks are called logind responds to
> > this by killing the main process of the session if it still
> > exists. This is probably the source of the problem here.
> 
> I have now commited a patch to git that might fix your issue. Please
> test:
> 
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=75c8e3cffd7da8eede614cf61384957af2c82a29
> 
> I assume this fixes your problem, but since our kernels actually have
> audit enabled I am a bit too lazy trying to reproduce the issue here, so
> I'd be very thankful if you could test this!

This fixes it for me. Thanks a lot!

Though this brings another problem: I have tmux with pam support (don't know
the original link but have a copy of the patch on my personal webserver [0]).
I used to have an alias

alias tmux="tmux attach || tmux"

which tries to attach to a session and opens a new one if it fails. I had to
change this to

alias tmux "tmux attach || sleep 0.1 && tmux"

to make it work again. So maybe there's a race condition anywhere? However I
am happy with that workaround.

[0] http://www.eworm.de/download/linux/tmux-pam.patch
-- 
Best regards,
Chris
                         O< ascii ribbon campaign
                   stop html mail - www.asciiribbon.org

More information about the systemd-devel mailing list