[systemd-devel] login problems

Christian Hesse mail at eworm.de
Fri May 3 08:12:27 PDT 2013


Lennart Poettering <lennart at poettering.net> on Fri, 2013/05/03 16:30:
> On Tue, 30.04.13 00:03, Christian Hesse (mail at eworm.de) wrote:
> 
> > Hello everybody,
> > 
> > ok, this looks very tricky... I have no idea what happens and I have no
> > way to reproduce this. It just happens from time to time - very seldom.
> > 
> > If this happens I am not able to log in from lxdm and getty. The only way
> > back into the system is getting a failed login from getty, it succeeds
> > after the process has been restarted. From there I can restart lxdm unit.
> > 
> > Looks like lxdm-binary gets 'permission denied' when accessing some file.
> > This is strace from lxdm-binary, grepped for 'EACCES':
> > 
> > open("/etc/pam.d/eworm-yubico-otp", O_RDONLY) = -1 EACCES (Permission denied)
> > open("/var/log/faillog", O_RDWR)        = -1 EACCES (Permission denied)
> > open("/var/log/faillog", O_RDONLY)      = -1 EACCES (Permission denied)
> > open("/dev/bus/usb/001/002", O_RDWR)    = -1 EACCES (Permission denied)
> > open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
> > 
> > lxdm-binary is running with user and group 'root' so I do not understand
> > why permissions for other take effect.
> > 
> > This is an Arch Linux system with Linux 3.8.8-1-ARCH and systemd 202-1.
> > Any ideas?
> 
> My guess is that lxdm is broken and reuses the process that invokes the
> PAM session hooks? That means the first login on the display would work,
> but the second one wouldn't.
> 
> PAM clients need to open the PAM session in a process, then fork the
> child off, wait for it to die via waitpid, then close the PAM session in
> the original process, and then exit in that original process. Everything
> else is broken.

Uh... Just wanted to collect some more data and found a pam config file
include loop - I will try without now. ;)

I will report back if this does not help. Sorry for the noise and thanks for
your help!
-- 
Kind regards
Chris
                         O< ascii ribbon campaign
                   stop html mail - www.asciiribbon.org