[systemd-devel] pam: Don't use loginuid [was: Re: Fix PAM module to not clobber XDG_RUNTIME_DIR with su]

Michael Biebl mbiebl at gmail.com
Wed Nov 20 17:06:14 PST 2013


2013/11/21 Colin Walters <walters at verbum.org>:
> On Thu, 2013-11-21 at 01:20 +0100, Michael Biebl wrote:
>> 2013/11/18 Michael Stapelberg <stapelberg at debian.org>:
>> > This is a rather pressing issue for us (it breaks GDM logins in some
>> > cases), and we’d like to fix it by cherry-picking a patch that was
>> > merged upstream.
>>
>> "some cases" is very vague.
>
> See:
> https://bugzilla.redhat.com/show_bug.cgi?id=753882#c43
>
> Now as Lennart is arguing here, running gedit as root is crack.  But
> the problem is greatly exacerbated by systemd leaving XDG_RUNTIME_DIR as
> the user, which causes the root-owned process to write to it,
> leaving directories owned by root which can't be deleted by the user.
>
> But if say you happen to be logged in via ssh or a getty as well,
> that broken dconf directory will persist until you log out everywhere,
> and it will break logging in via gdm.
>
> This can happen with just pure "pkexec" and a *non-X11* application
> which wants to save transient per-uid state.

Hm, yeah, that might be it.
I guess one would have to ask the bug reporters if they had used su to
start a root X application (in case they remember) and if the problem
goes away after a reboot, i.e. /run has been "reset".


Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
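
A read-only check for the condition discussed in this thread (entries inside a user's runtime directory that are owned by a different uid), as an added example that is not part of the original message or of systemd. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def foreign_owned_entries(runtime_dir, expected_uid=None):
    """List (relative_path, owner_uid) for entries not owned by expected_uid.

    If expected_uid is None, the owner of runtime_dir itself is used, since
    the runtime directory belongs to the session user.
    """
    if expected_uid is None:
        expected_uid = os.lstat(runtime_dir).st_uid
    findings = []
    # os.walk skips directories it cannot read (e.g. a root-owned, mode 0700
    # directory), but such a directory is still listed by its parent, so it is
    # reported here even though its contents are not.
    for root, dirs, files in os.walk(runtime_dir, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            try:
                owner = os.lstat(path).st_uid  # lstat: never follow symlinks
            except OSError:
                continue  # entry vanished between listing and stat
            if owner != expected_uid:
                findings.append((os.path.relpath(path, runtime_dir), owner))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed stand-in for a runtime directory in a temp dir."""
    base = tempfile.mkdtemp(prefix="runtime-dir-sample-")
    os.makedirs(os.path.join(base, "dconf"))
    os.makedirs(os.path.join(base, "pulse"))
    with open(os.path.join(base, "dconf", "user"), "wb") as fh:
        fh.write(b"\0")
    return base


if __name__ == "__main__":
    # Check the real directory when one is set, else the constructed sample.
    target = os.environ.get("XDG_RUNTIME_DIR") or build_sample_tree()
    for rel, uid in foreign_owned_entries(target):
        print(f"{target}/{rel}: owned by uid {uid}")
```

Run as the session user, it prints nothing when every entry belongs to the directory's owner.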

