[systemd-devel] pam_systemd.so and su

Frederic Crozat fcrozat at suse.com
Tue May 22 09:32:57 PDT 2012 

Le jeudi 22 mars 2012 à 02:11 +0100, Lennart Poettering a écrit :
> On Thu, 22.03.12 00:41, Lennart Poettering (lennart at poettering.net) wrote:
> 
> > On Sun, 18.03.12 16:08, Canek Peláez Valdés (caneko at gmail.com) wrote:
> > 
> > > Hi; I'm using systemd 43 in Gentoo, and I usally have this line at the
> > > end of /etc/pam.d/system-auth:
> > > 
> > > -session        optional        pam_systemd.so
> > > 
> > > When I use su to become root, after logout the following message appears:
> > > 
> > >  ...killed.
> > > 
> > > Not always, but most of the time. Without the line with
> > > pam_systemd.so, the message never appears.
> > > 
> > > So, two questions:
> > > 
> > > 1. Why is my session being killed at logout time?
> > > 
> > > 2. The pam_systemd.so is really necessary? The "...killed." message
> > > appears after two or three seconds, and it's slightly annoying.
> > 
> > Which version of systemd is this? (If it isnt 44, please upgrade first,
> > then try to reproduce this)
> > 
> > Do you have audit enabled in the kernel and are using pam_loginuid?
> > 
> > Normally, when the pam session close hooks are called logind responds to
> > this by killing the main process of the session if it still
> > exists. This is probably the source of the problem here.
> 
> I have now commited a patch to git that might fix your issue. Please
> test:
> 
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=75c8e3cffd7da8eede614cf61384957af2c82a29
> 
> I assume this fixes your problem, but since our kernels actually have
> audit enabled I am a bit too lazy trying to reproduce the issue here, so
> I'd be very thankful if you could test this!

Well, I'm able to reproduce this problem with a kernel with audit
enabled and configured, unfortunately.

Our patch seems to improve the situation a little bit, but not entirely,
when running inside a previously detached screen session:
- su -l calls aren't killed when exiting them
- but sudo calls are being terminated before being started, after the
second sudo call. You need to call one time "su -l", and the, sudo will
work one time.

(we are calling pam_systemd in a common-session file which is including
in a lot of pam configuration, including sudo and su-l).

-- 
Frederic Crozat <fcrozat at suse.com>
SUSE

More information about the systemd-devel mailing list