FS#79184 - [systemd] fresh install, systemd-homed user unable to login

Attached to Project: Arch Linux
Opened by Rahil Bhimjiani (rahilarious) - Monday, 24 July 2023, 01:46 GMT
Last edited by Toolybird (Toolybird) - Monday, 24 July 2023, 23:04 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Steps to reproduce:
1. Do fresh install
2. neofetch btw & flex on internet
3. Start systemd-homed.service & create brand new user with homectl
4. Try to login via tty/console
5. Pull your hair out trying to figure out why it wouldn't work. Followed by enough research on PAM that qualifies you for a PhD on that. :-)

Troubleshooting:
After 2 days of mind-boggling, unable to log in & feeling like a digital handicap, I finally pinpointed the problem to the following line in /etc/pam.d/system-login, which was not letting me pass.

`auth required pam_shells.so`

Weird. Bash is already listed in /etc/shells. But it's /bin/bash, which is a symlink to /usr/bin/bash. So the problem is systemd-homed doesn't allow logging in from symlinked shells.

Proper fix:
Up to the distro to decide. Option 1 and/or 2.
1. Request upstream systemd to allow login from symlinked shells. Unlikely to happen as they might reason with hardening measure for security.
2. Update package "filesystem" and include all shells without symlinks (i.e. /usr/bin/bash) in /etc/shells

Quick workaround:
Add /usr/bin/bash to /etc/shells

Closed by Toolybird (Toolybird)
Monday, 24 July 2023, 23:04 GMT
Reason for closing: Duplicate
Additional comments about closing: Merged into FS#33677
Please see comments.
Comment by Toolybird (Toolybird) - Monday, 24 July 2023, 03:21 GMT
Cannot repro. Booted up a fresh VM then created a user as per below. Login works fine. There must be something else causing your problem.

# homectl create username
Comment by Rahil Bhimjiani (rahilarious) - Monday, 24 July 2023, 09:28 GMT
Create it using `homectl create username --shell=/usr/bin/bash`, which is also technically correct and should allow login. The problem will show up now.

Regardless of this /etc/shells should include /usr/bin/sh /usr/bin/bash /usr/bin/rbash and so on to avoid such rare weird bugs. Debian & Fedora are also including both versions /bin/bash & /usr/bin/bash in /etc/shells.
Comment by Rahil Bhimjiani (rahilarious) - Monday, 24 July 2023, 09:31 GMT
Btw, the bug also happens with normal shadow users with `useradd -s /usr/bin/bash username`. So not related to systemd. /etc/shells is the culprit.
Comment by Toolybird (Toolybird) - Monday, 24 July 2023, 22:59 GMT
> 2. Update package "filesystem" and include all shells without symlinks (i.e. /usr/bin/bash) in /etc/shells

We already have an open ticket for that. Please see FS#33677. Also related: FS#36086

> homectl create username --shell=/usr/bin/bash

Yeah, that'll do it. Regardless of the current /etc/shells issue, it seems like systemd (or pam_shells.so ?) should still handle this case. But if it's not meant to, then fixing /etc/shells is of course the way to go.

So in summary, this doesn't seem like a systemd bug. In the meanwhile, someone should add a note to the systemd-homed Wiki page [1] about this "trap for young players". Anyone can edit the Wiki. Thanks for reporting this issue, but I'm going to merge it into FS#33677, which is the real root cause.

[1] https://wiki.archlinux.org/title/Systemd-homed
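
An added example, not part of the ticket thread or of any Arch package: a shell function that reports accounts whose login shell is not listed verbatim in /etc/shells, separating the symlink-alias case discussed above from shells that are not listed under any name. It assumes the check is an exact string match against the lines of /etc/shells; the function name and the verdict labels are made up for this example.

```shell
#!/bin/sh
# Usage: audit_login_shells PASSWD_FILE SHELLS_FILE
# Prints "<user> <shell> <verdict>" per account, where verdict is
#   listed           the exact path is a line in SHELLS_FILE
#   alias-of:<path>  not listed, but the same file as the listed <path>
#   unlisted         not listed under any name
audit_login_shells() (
    passwd_file=$1
    shells_file=$2
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case $user in ''|\#*) continue ;; esac
        [ -n "$shell" ] || continue   # empty shell field: left out of this check
        verdict=unlisted
        while IFS= read -r entry; do
            # Only absolute paths count; this skips comments and blank lines.
            case $entry in /*) ;; *) continue ;; esac
            if [ "$entry" = "$shell" ]; then
                verdict=listed
                break
            fi
            # -ef is true when both paths resolve to the same device and inode,
            # e.g. /bin/bash and /usr/bin/bash when /bin is a symlink to usr/bin.
            if [ "$verdict" = unlisted ] && [ "$entry" -ef "$shell" ]; then
                verdict="alias-of:$entry"
            fi
        done < "$shells_file"
        printf '%s %s %s\n' "$user" "$shell" "$verdict"
    done < "$passwd_file"
)
```

Run it as `audit_login_shells /etc/passwd /etc/shells`; an `alias-of` line is the situation reported in this ticket.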
