[systemd-devel] Children of systemd user instance can't see root user
Luca Boccassi
luca.boccassi at gmail.com
Wed Jun 14 19:24:23 UTC 2023
On Wed, 14 Jun 2023 at 20:15, Adrian Vovk <adrianvovk at gmail.com> wrote:
>
> Hello
>
> I've got a problem in my systemd --user instance that I can't quite
> grok nor can I explain it very well. Essentially I have no idea what
> could possibly be going on. Hoping someone here can help.
>
> Basically, the OS boots and I can log in. Once I do, I experience the
> following symptoms:
>
> - Nothing setuid, like /usr/bin/pkexec, works. They all report that
>   they must be owned by root
> - Upon further investigation it turns out all files owned by root/root
>   are now owned by nobody/nobody
> - Dumping the filesystem (unsquashfs -ll /dev/sdX) reveals that the
>   files are, in fact, owned by root/root on disk
> - When executing from outside of my systemd --user instance (i.e. log
>   in from tty)
>   - `id` reports `uid=1000(adrian) gid=100(users) groups=100(users),997(wheel)`
>   - `id adrian` reports the same
>   - Files that are supposed to be owned by root/root are owned by root/root
>   - Files that are supposed to be owned by adrian/users are owned by
>     adrian/users
> - When forked from the systemd --user instance (i.e. in
>   gnome-terminal, or inside `systemd-run --user -S` on the TTY)
>   - `id` reports `uid=1000(adrian) gid=100(users)
>     groups=100(users),65534(nobody)`
>   - `id adrian` reports correctly `uid=1000(adrian) gid=100(users)
>     groups=100(users),997(wheel)`
>   - Files that are supposed to be owned by root/root are owned by nobody/nobody
>   - Files that are supposed to be owned by adrian/users are owned by
>     adrian/users
> - If I perform the same experiment but logged in as `root` instead of
>   `adrian`, the situation reverses: files actually owned by root/root
>   appear owned by root/root, but files actually owned by adrian/users
>   appear owned by nobody/nobody
>
> I initially suspected that something is wrong with my PAM
> configuration, but it works correctly if I try the commands inside a
> shell created with `systemd-run -S --uid=adrian
> --property=PAMName=systemd-user`. So, the environment that the systemd
> --user instance is executed in is good, but then everything systemd
> itself forks off is broken.
>
> Making user@1000.service run w/ debug logging revealed nothing. The
> first mention of anything related to this issue is systemd-tmpfiles
> quitting because of an unsafe transition from /run/user (owned by
> nobody) to /run/user/1000 (owned by adrian).
>
> I'm running a git checkout of systemd 254 at commit
> 969eb0390f4a94fd95b828ede0588f6c00b293ed.
>
> Does anyone have any idea what could possibly be going on? If you need
> more info I'm happy to provide.
https://github.com/systemd/systemd/issues/26744
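An added diagnostic, not from this thread or from systemd itself: it simulates the kernel's uid_map lookup so the reported pattern (root-owned files showing as nobody, and the reverse when logged in as root) can be reproduced and checked against a live /proc/self/uid_map. That the children of the user instance sit in a user namespace whose map omits the owner's uid is an assumption, not a diagnosis from the thread; the map contents below are constructed.

```python
# Assumption (not stated in the thread): the children run in a user
# namespace whose uid_map does not cover uid 0, so the kernel reports the
# overflow uid (65534, "nobody") for files owned by any unmapped id.
OVERFLOW_UID = 65534  # kernel default, see /proc/sys/kernel/overflowuid

def parse_id_map(text):
    """Parse /proc/<pid>/uid_map or gid_map: 'inside outside count' per line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            inside, outside, count = map(int, fields)
            entries.append((inside, outside, count))
    return entries

def map_outside_to_inside(id_map, outside_id, overflow=OVERFLOW_UID):
    """Translate an id as the parent namespace sees it into what a process
    in the child namespace sees; ids outside every range become overflow."""
    for inside, outside, count in id_map:
        if outside <= outside_id < outside + count:
            return inside + (outside_id - outside)
    return overflow

def explain(id_map, owner_uid, label):
    """One-line verdict for a file owned by owner_uid under this map."""
    seen = map_outside_to_inside(id_map, owner_uid)
    if seen == owner_uid:
        return f"{label}: uid {owner_uid} is mapped, ownership displays normally"
    return f"{label}: uid {owner_uid} is unmapped, it displays as {seen} (nobody)"

# Constructed maps: the identity map of the initial namespace, and two
# single-entry maps that reproduce the symptom for adrian and for root.
FULL_MAP = parse_id_map("0 0 4294967295")
ADRIAN_ONLY_MAP = parse_id_map("1000 1000 1")
ROOT_ONLY_MAP = parse_id_map("0 0 1")

if __name__ == "__main__":
    for uid in (0, 1000):
        print(explain(FULL_MAP, uid, "initial namespace"))
        print(explain(ADRIAN_ONLY_MAP, uid, "only uid 1000 mapped"))
        print(explain(ROOT_ONLY_MAP, uid, "only uid 0 mapped"))
    # On a live Linux host, compare against this process's own map:
    try:
        with open("/proc/self/uid_map") as f:
            print("this process's uid_map:", parse_id_map(f.read()))
    except OSError:
        pass
```

Run it from a shell started by `systemd-run --user -S` and from a plain TTY login; if the printed uid_map differs between the two, the namespace assumption is confirmed for that host.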