[systemd-devel] Cannot call GetUnit method with ssh

Bao Nguyen baondt at gmail.com
Tue Mar 12 11:34:51 UTC 2019


Hi Mantas,

Thanks for your reply.

"Hold on – why are you whitelisting individual users for
systemd.GetMethod()?  "

Sorry, I am not clear on your question. My intent is to add a user that fails
to authenticate with DBUS in the previous email to the policy config file to
troubleshoot whether dbus resolves it or not. But it throws "Unknown username", so
I think dbus does not know anything about this user and it leads to the
authentication failure.

Brs,
Bao



On Tue, Mar 12, 2019 at 6:20 PM Mantas Mikulėnas <grawity at gmail.com> wrote:

> On Tue, Mar 12, 2019 at 1:17 PM Bao Nguyen <baondt at gmail.com> wrote:
>
>> Hi again,
>>
>> I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then
>> send signal SIGHUP to reload the configuration, also for dbus flush user
>> cache, but dbus said that
>>
>> Unknown username "ldap_demo" on element <allow>
>> Reloaded configuration
>>
>
> Hold on – why are you whitelisting individual users for
> systemd.GetMethod()?
>
>
>>
>> I searched the source code in dbus. It will
>> call _dbus_get_user_id_and_primary_group,
>> then _dbus_user_database_get_system to search for user ldap_demo in its
>> database, but I am not clear how this database is built. Could you please
>> help me with that?
>> Is there any way to make dbus aware of the new user except restarting dbus?
>>
>
>
>
>> If I restart dbus, does it have any impact on the system?
>>
>
> Yes; it closes all existing bus connections, which may cause many services
> to exit.
>
>
>>
>> Thanks,
>> Brs,
>> Bao
>>
>>
>> On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering <lennart at poettering.net>
>> wrote:
>>
>>> On Fr, 08.03.19 11:59, Mantas Mikulėnas (grawity at gmail.com) wrote:
>>>
>>> > > dbus policy can only reference users that are available locally at any
>>> > > time, i.e. generally system users, not human users.
>>> > >
>>> > >
>>> > Hmm, but in this case, the client seems to be completely refused access to
>>> > the bus – not just blocked by policy from sending some message. The system
>>> > bus normally allows any user to connect (I mean, I have no problems
>>> > accessing it from an LDAP account), so I'm not sure why the bus config
>>> > should matter at this point.
>>>
>>> At this point this is probably something to move to the dbus list... I
>>> don't remember how precisely dbus-daemon authenticates stuff, I just
>>> have a rough idea.
>>>
>>> Lennart
>>>
>>> --
>>> Lennart Poettering, Red Hat
>>>
>>
>
> --
> Mantas Mikulėnas
>
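
Added example (not part of the original thread and not dbus's own code): a pre-reload check that lists every user= name in a bus policy file that does not resolve through the local account database, which is the condition behind the 'Unknown username "ldap_demo" on element <allow>' message quoted above. The sample policy and the function names are constructed for illustration; the lookup reflects what the calling process sees through getpwnam(3), which can differ from what a long-running dbus-daemon sees.

```python
import pwd
import xml.etree.ElementTree as ET

# Constructed sample policy fragment (not the system.conf from the thread).
SAMPLE_CONF = """<busconfig>
  <policy user="root">
    <allow own="org.example.Demo"/>
  </policy>
  <policy context="default">
    <allow user="*"/>
    <allow user="ldap_demo"/>
    <deny user="1234"/>
  </policy>
</busconfig>"""


def local_user_exists(name):
    """Default resolver: look the name up the way getpwnam(3) does."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False


def unresolved_policy_users(conf_xml, resolver=local_user_exists):
    """Return (element, username) pairs whose user= name does not resolve."""
    missing = []
    root = ET.fromstring(conf_xml)
    for elem in root.iter():
        if elem.tag not in ("policy", "allow", "deny"):
            continue
        user = elem.get("user")
        # "*" is the wildcard. All-digit values are assumed here to be
        # numeric UIDs and are not looked up by name.
        if user is None or user == "*" or user.isdigit():
            continue
        if not resolver(user):
            missing.append((elem.tag, user))
    return missing


if __name__ == "__main__":
    for tag, user in unresolved_policy_users(SAMPLE_CONF):
        print(f'unresolved user "{user}" on element <{tag}>')
```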