Debian Bug report logs - #599731
libpam-systemd: su sessions end with "su: System error"

Package: libpam-systemd; Maintainer for libpam-systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Source for libpam-systemd is src:systemd.

Affects: monkeysphere

Reported by: Joerg <joerg@schuetter.org>

Date: Sun, 10 Oct 2010 15:54:02 UTC

Severity: normal

Found in version systemd/11-1

Done: Tollef Fog Heen <tfheen@err.no>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>:
Bug#599731; Package libpam-systemd. (Sun, 10 Oct 2010 15:54:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Joerg <joerg@schuetter.org>:
New Bug report received and forwarded. Copy sent to Tollef Fog Heen <tfheen@debian.org>. (Sun, 10 Oct 2010 15:54:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: libpam-systemd
Version: 11-1
Severity: normal

After booting the system with init=/bin/systemd some cron-jobs are reporting an error.

Here is the part from /var/log/auth.log in case of the cron-job:
pc su[10301]: Successful su for j42 by root
pc su[10301]: + ??? root:j42
pc su[10301]: pam_unix(su:session): session opened for user j42 by (uid=0)
pc su[10301]: pam_systemd(su:session): Moving new user session for j42 into control group /user/j42/66c.
pc su[10301]: pam_unix(su:session): session closed for user j42
pc su[10301]: pam_systemd(su:session): Failed to lock runtime directory: Permission denied
pc su[10301]: pam_close_session: System error

The requested programs are executed fine, so the croned job is working.

The same happens when starting the su command from the command line.

/bin/su - mirror -c "/bin/date"
Sun Oct 10 17:35:47 CEST 2010
su: System error

Here is the part from /var/log/auth.log in case of the /bin/date:
pc su[12577]: Successful su for mirror by root
pc su[12577]: + /dev/pts/2 root:mirror
pc su[12577]: pam_unix(su:session): session opened for user mirror by j42(uid=0)
pc su[12577]: pam_systemd(su:session): Moving new user session for mirror into control group /user/mirror/83c.
pc su[12577]: pam_unix(su:session): session closed for user mirror
pc su[12577]: pam_systemd(su:session): Failed to lock runtime directory: Permission denied
pc su[12577]: pam_close_session: System error


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-systemd depends on:
ii  libc6                         2.11.2-6   Embedded GNU C Library: Shared lib
ii  libcap2                       1:2.19-3   support for getting/setting POSIX.
ii  libpam0g                      1.1.1-6    Pluggable Authentication Modules l
ii  systemd                       11-1       system and session manager

libpam-systemd recommends no packages.

libpam-systemd suggests no packages.

-- no debconf information

Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>:
Bug#599731; Package libpam-systemd. (Sun, 28 Nov 2010 16:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Cesar Garcia <cesarg9@gmail.com>:
Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>. (Sun, 28 Nov 2010 16:18:03 GMT) Full text and rfc822 format available.

Message #10 received at 599731@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Same here, the bug is related to #580434 (su drops privileges before
calling pam_session_close), so it causes the Permission Denied messages.

I made a patch that moves the privilege change code to after the fork
call in the child process (same logic as coreutils and mac os
implementations of su), so the parent process can have privileges to
close the pam session.

[shadow-4.1.4.2-drop_privileges_after_fork.patch (text/x-patch, attachment)]

Added blocking bug(s) of 599731: 580434 Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Mon, 27 Dec 2010 20:09:08 GMT) Full text and rfc822 format available.

Added indication that 599731 affects monkeysphere Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Sun, 31 Jul 2011 20:27:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>:
Bug#599731; Package libpam-systemd. (Mon, 06 Feb 2012 16:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>. (Mon, 06 Feb 2012 16:30:03 GMT) Full text and rfc822 format available.

Message #19 received at 599731@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

I can no longer reproduce this issue.

Could you please test with the latest version and report back.

Thanks,
Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>:
Bug#599731; Package libpam-systemd. (Fri, 10 Feb 2012 17:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jörg Schütter <joerg@schuetter.org>:
Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>. (Fri, 10 Feb 2012 17:33:03 GMT) Full text and rfc822 format available.

Message #24 received at 599731@bugs.debian.org (full text, mbox, reply):

Hello Michael

On Mon, 06 Feb 2012 17:27:19 +0100
Michael Biebl <biebl@debian.org> wrote:

> I can no longer reproduce this issue.
> 
> Could you please test with the latest version and report back.

The same here, unable to reproduce (no error reported in the
logfiles).

Joerg

Reply sent to Tollef Fog Heen <tfheen@err.no>:
You have taken responsibility. (Fri, 29 Jun 2012 21:00:13 GMT) Full text and rfc822 format available.

Notification sent to Joerg <joerg@schuetter.org>:
Bug acknowledged by developer. (Fri, 29 Jun 2012 21:00:14 GMT) Full text and rfc822 format available.

Message #29 received at 599731-done@bugs.debian.org (full text, mbox, reply):

]] Jörg Schütter 

> Hello Michael
> 
> On Mon, 06 Feb 2012 17:27:19 +0100
> Michael Biebl <biebl@debian.org> wrote:
> 
> > I can no longer reproduce this issue.
> > 
> > Could you please test with the latest version and report back.
> 
> The same here, unable to reproduce (no error reported in the
> logfiles).

Ok, closing, assumed fixed.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 28 Jul 2012 07:30:47 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Nov 2 17:46:28 2015; Machine Name: buxtehude

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

Debian Bug report logs - #599731 libpam-systemd: su sessions end with "su: System error"

Debian Bug report logs - #599731
libpam-systemd: su sessions end with "su: System error"