Re: F27 problems with pam?

Hi.

On Thu, 17 May 2018 10:19:52 -0700 stan wrote:

> On Thu, 17 May 2018 10:54:57 +0200
> Gianluca Cecchi <gianluca.cecchi@xxxxxxxxx> wrote:

>> Now (I'm in F28) it is simply sufficient to re-enable gdm and
>> connect using Gnome as DE to see that all is ok:
>> - logout/shutdown buttons without problems (previously a logout
>> originated an automatic relogin...)
>> - switch wifi on/off and other components (such as external usb disks)
>> without getting authorization errors
>> - audio adapter is seen ok with its analog and hdmi settings (and it
>> works too... ;-)

>> Possibly gdm in its start enables some permission for normal users
>> that lightdm (at least in latest updates) doesn't provide?

I don't think it's that. See below.

We are using lightdm and noticed also this problem.

> It's strange that a desktop manager would affect this, since it is
> the desktop that performs the actions that are having problems.

This is normal since those actions rely on having a proper
session/seat defined to be authorized by polkit and it is the
desktop manager that sets that up.

I found that the culprit is the RPM pam-kwallet-5.12.5-3.fc27: if you
erase it this problem disappears.  You indicated this RPM in your
initial post.

With pam-kwallet installed, the journal shows:

  lightdm[10869]: pam_kwallet5(lightdm:session): pam_kwallet5: final socket path: /tmp/kwallet5_fm.socket
  lightdm[10869]: pam_kwallet5(lightdm:session): pam_kwallet5-kwalletd: Couldn't listen in socket
  lightdm[10869]: pam_kwallet5(lightdm:session): pam_kwallet5: Impossible to write walletKey to walletPipe
  lightdm[10869]: pam_kwallet(lightdm:session): pam_kwallet: pam_sm_open_session
  lightdm[10870]: pam_kwallet(lightdm:session): pam_kwallet: final socket path: /tmp/kwallet_fm.socket
  lightdm[10870]: pam_kwallet(lightdm:session): pam_kwallet-kwalletd: Couldn't listen in socket
  lightdm[10870]: pam_kwallet(lightdm:session): pam_kwallet: Impossible to write walletKey to walletPipe

### Fail to create session:

  lightdm[10870]: pam_systemd(lightdm:session): Failed to create session: Access denied
  lightdm[10870]: pam_unix(lightdm:session): session opened for user fm by (uid=1005)

### Fail to register in lastlog and btmp 

  lightdm[10870]: pam_lastlog(lightdm:session): unable to open /var/log/lastlog: Permission denied
  lightdm[10870]: pam_lastlog(lightdm:session): unable to open /var/log/btmp: Permission denied

It works with gdm since it doesn't include pam_kwallet in its pam
configuration files (of course :-) ), unlike lightdm:

  /etc/pam.d/lightdm:

    auth       substack    system-auth
    -auth       optional    pam_gnome_keyring.so
    -auth       optional    pam_kwallet5.so
    -auth       optional    pam_kwallet.so
    ..
    -session    optional    pam_gnome_keyring.so auto_start
    -session    optional    pam_kwallet5.so
    -session    optional    pam_kwallet.so
    session    include     system-auth

I tried to put system-auth before the pam_kwallet* in the session
part: nmcli works, but logout does not. In this case the socket is put under
/run/user/$UID that is created before, but still "Couldn't listen in socket"

I haven't tried to put the pam_kwallet* last in the session part.

sddm is perhaps subject to this bug since it includes also the
pam_kwallet* modules.  I haven't tested it.

It is safe to suppress the pam_kwallet RPM since it fails anyway to
spawn kwalletd and no other RPM depends on it.

Nice side effect for an optional module :-(

-- 
francis
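
A triage aid for the situation described in this message, added here as an example and not part of the original post: it takes the lightdm session stack and journal lines quoted above and lists the optional modules that logged a failure ahead of the system-auth include. The function names and the failure-keyword pattern are assumptions of this example.

```python
import re
# Session part of /etc/pam.d/lightdm, as quoted in the message.
PAM_LIGHTDM = """\
-session    optional    pam_gnome_keyring.so auto_start
-session    optional    pam_kwallet5.so
-session    optional    pam_kwallet.so
session    include     system-auth
"""
# Journal lines copied from the message (subset).
JOURNAL = """\
lightdm[10869]: pam_kwallet5(lightdm:session): pam_kwallet5-kwalletd: Couldn't listen in socket
lightdm[10870]: pam_kwallet(lightdm:session): pam_kwallet-kwalletd: Couldn't listen in socket
lightdm[10870]: pam_systemd(lightdm:session): Failed to create session: Access denied
lightdm[10870]: pam_unix(lightdm:session): session opened for user fm by (uid=1005)
lightdm[10870]: pam_lastlog(lightdm:session): unable to open /var/log/lastlog: Permission denied
"""
LOG_RE = re.compile(r"\S+\[\d+\]: (pam_\w+)\((\w+):(\w+)\): (.*)")
# Assumption of this example: these words mark a failure message.
FAIL_RE = re.compile(r"couldn't|failed|denied|unable|impossible", re.I)

def parse_stack(text, phase):
    """Return [(control, module)] for one phase; the leading '-' is dropped."""
    rows = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0].lstrip("-") == phase:
            rows.append((parts[1], parts[2]))
    return rows

def failing_modules(journal, service, phase):
    """Modules that logged a failure for this service/phase, first seen first."""
    seen = []
    for line in journal.splitlines():
        m = LOG_RE.search(line)
        if (m and m.group(2, 3) == (service, phase)
                and FAIL_RE.search(m.group(4)) and m.group(1) not in seen):
            seen.append(m.group(1))
    return seen

def suspects(stack_text, journal, service="lightdm", phase="session"):
    """Optional modules that failed and are listed before the first include."""
    failed = failing_modules(journal, service, phase)
    out = []
    for control, module in parse_stack(stack_text, phase):
        if control in ("include", "substack"):
            break
        name = module.split(".so")[0]
        if control == "optional" and name in failed:
            out.append(name)
    return out
```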