FS#52039 - [systemd] /etc/pam.d/system-user no longer includes system-login

Attached to Project: Arch Linux
Opened by Tinu Weber (ayekat) - Saturday, 03 December 2016, 17:09 GMT
Last edited by Dave Reisner (falconindy) - Saturday, 10 December 2016, 13:19 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Dave Reisner (falconindy)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No

Details

In commit baed1fe [1] (which has taken effect in 231→232), upstream has changed `src/login/systemd-user` to a bare bones config that -- according to the commit message -- is no longer suited for being used as-is downstream (a note about this has been added to the `DISTRO_PORTING` file).

Arch Linux still takes that file as-is, and thus `/etc/pam.d/systemd-user` no longer includes `/etc/pam.d/system-auth` (`/etc/pam.d/system-login` in Arch Linux), which causes various settings not to be applied to the `systemd --user` sessions anymore, e.g. the PAM environment via `pam_env.so`, which causes user services to run with the "wrong" environment (in case the user has a custom `~/.pam_environment` -- note that the PAM environment is correctly loaded at login, as this is handled by `/etc/pam.d/system-local-login`).

[1] https://github.com/systemd/systemd/commit/baed1fedba161d7db89636a417751891831c432a
This task depends upon

Closed by  Dave Reisner (falconindy)
Saturday, 10 December 2016, 13:19 GMT
Reason for closing:  Fixed
Comment by ROMANO (rv) - Tuesday, 06 December 2016, 08:33 GMT
It's a problem at least for Jack and Ardour. I couldn't use Jack with realtime support anymore and ardour complained too. I reverted the commit and now it's ok. Thanks for the report, I had bad times to understand where the problem came from!
Comment by Tinu Weber (ayekat) - Tuesday, 06 December 2016, 08:45 GMT
@ROMANO
> I reverted the commit and now it's ok.
What commit? On which project?

@Dave
A workaround for this issue (that works for me™) is to have `session include system-login` and `account include system-login` in /etc/pam.d/systemd-user (I assume that's like before). Would changing the config to that in the package make sense?
Comment by Dave Reisner (falconindy) - Tuesday, 06 December 2016, 12:05 GMT
It's not a workaround, it's the fix. See the DISTRO_PORTING notes that were added at the same time as these lines being removed.
Comment by Steven (Stebalien) - Saturday, 10 December 2016, 05:48 GMT
Arch *does* ship system-auth and systemd-user should probably use system-auth.

It should *not* use system-login because that's for logins (and will therefore treat the systemd user instance as a login).
Comment by Dave Reisner (falconindy) - Saturday, 10 December 2016, 13:19 GMT
We used login before 232. We'll continue using it.

Loading...