[systemd-devel] Help with pam_systemd..

Kok, Auke-jan H auke-jan.h.kok at intel.com
Sat May 26 10:12:38 PDT 2012 

On Sat, May 26, 2012 at 3:31 PM, Shawn Ferris <shawn.ferris at gmail.com> wrote:
> Hey everyone,
>
> I've got a Buildroot FS and was trying to get 'system --user'
> functionality working. I didn't have PAM installed (it wasn't
> available in buildroot), but was informed that it was a must, so I
> have added it to my system now. Pam seems to be working perfectly as
> in I can log into the system with 'auth required pam_unix.so' but it
> wont even prompt for a password with 'auth required pam_nologin.so'.
>
> When I added pam_systemd.so, I get locked out of my system. He's my pam entry:

which pam entry is this? /etc/pam.d/??

> #PAM-1.0
> auth       required     pam_unix.so
> auth       required     pam_nologin.so
> account    required     pam_unix.so
> password   required     pam_unix.so
> session    required     pam_unix.so
> session    required     pam_loginuid.so
> -session    required     pam_systemd.so kill-session-processes=1 debug=1

this needs to be

session   optional   pam_systemd.so ...

>
> (Per pam_systemd man page with the addition of debug)
>
> When I attempt to log in, I succeed auth and systemd-logind creates a
> new session, but immediately removes it and I'm returned to the login
> prompt. EG:
>
> /var/log/secure:
>
> 2000-01-01T00:16:55+00:00 buildroot login[1678]:
> pam_unix(login:session): session opened for user root by LOGIN(uid=0)
> 2000-01-01T00:16:55+00:00 buildroot login[1678]:
> pam_systemd(login:session): Asking logind to create session: uid=0
> pid=1678 service=login type=tty seat= vtnr=0 tty=ttyO2 display=
> remote=no remote_user= remote_host=
> 2000-01-01T00:16:55+00:00 buildroot login[1678]:
> pam_systemd(login:session): Reply from logind: id=c4
> object_path=/org/freedesktop/login1/session/c4
> runtime_path=/run/user/root session_fd=6 seat= vtnr=0
>
> jounalctl:
>
> Jan 01 00:16:55 jarvis systemd-logind[1579]: New session c4 of user root.
> Jan 01 00:16:55 jarvis systemd-logind[1579]: Removed session c4.
> Jan 01 00:16:55 jarvis systemd[1]: serial-getty at ttyO2.service holdoff
> time over, scheduling restart.

most likely systemd --user doesn't know what to do. Have you created a
meaningful /usr/lib/systemd/user/default.target that actually does something?

e.g., create a /usr/lib/systemd/user/default.target.wants, and symlink
some services in there.

you can also use /etc/systemd/user/, or even ~/.config/user/ for all of this,
but you need to provide a target with "something" properly added to the default
target.

> Ultimately, my goal is to have some unprivileged services started on
> my pandaboard when it's booted. I can obviously run them through root
> services with the User= option, but --user seemed like a much better
> way. (So that I can add services without having to be root) Btw, I
> don't plan on running X on this either, but do require dbus.
>
> I don't know what I'm missing.. Any help? I'm pretty new to systemd
> and only vaguely familiar with pam.

one thing I'm missing - are you in one way or another using user at .service? If
not, that may be the problem.

You'll basically need to do the equivalent of systemctl enable
user@<username>.service
to tell the pid=1 systemd to autostart your systemd --user session for
you. I don't
think you want to only start the systemd --user instance when you
logon, but rather,
have it running all the time.

Cheers,

Auke

More information about the systemd-devel mailing list