You are not logged in.

#1 2020-09-13 22:38:03

zaxmyth
Member
From: Seattle / San Francisco
Registered: 2019-03-25
Posts: 25
Website

[SOLVED] With systemd-homed, user@1000.service fails to start

I converted a user to be managed with systemd-homed and afterward I'm able to login and access files just as before but I'm getting the following errors starting user@1000.service:

Sep 13 11:59:33 qadi systemd[1]: Starting User Manager for UID 1000...
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: User lookup succeeded: uid=1000 gid=1000
Sep 13 11:59:33 qadi systemd[1057]: PAM failed: Authentication service cannot retrieve authentication info
Sep 13 11:59:33 qadi systemd[1057]: user@1000.service: Failed to set up PAM session: Operation not permitted
Sep 13 11:59:33 qadi systemd[1057]: user@1000.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Failed to read oom_kill field of memory.events cgroup attribute: No such file or directory
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Child 1057 belongs to user@1000.service.
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Main process exited, code=exited, status=224/PAM
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Failed with result 'exit-code'.
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Service will not restart (restart setting)
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Changed start -> failed
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Job 183 user@1000.service/start finished, result=failed
Sep 13 11:59:33 qadi systemd[1]: Failed to start User Manager for UID 1000.
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Unit entered failed state.
Sep 13 11:59:33 qadi systemd[1]: user@1000.service: Control group is empty.

I've been looking for information on the PAM related errors but so far I've not come up with anything that helps so hoping somebody here has some ideas to try.

In case it matters, my underlying filesystem is Btrfs, I have a subvolume for @home, and my systemd-homed user is configured with luks storage.

I have no .pacnew files and no ~/.pam_environment file

Thanks for any pointers!

Last edited by zaxmyth (2020-09-16 15:57:58)

Offline

#2 2020-09-15 12:17:44

tucuxi
Member
From: Switzerland
Registered: 2020-03-08
Posts: 291

Re: [SOLVED] With systemd-homed, user@1000.service fails to start

If the user ID 1000 is still in /etc/passwd or /etc/shadow, remove it from there.

With stock pam configs, the log should look something like this:

Sep 15 13:58:21 arch systemd[1]: Starting User Manager for UID 60001...
Sep 15 13:58:21 arch systemd[660]: pam_systemd_home(systemd-user:account): Home for user tux successfully acquired.
Sep 15 13:58:21 arch systemd[660]: pam_warn(systemd-user:setcred): function=[pam_sm_setcred] flags=0x8002 service=[systemd-user] terminal=[] user=[tux] ruser=[<unknown>] rhost=[<unknown>]
Sep 15 13:58:21 arch systemd[660]: pam_unix(systemd-user:session): session opened for user tux(uid=60001) by (uid=0)
...

Offline

#3 2020-09-15 13:59:46

zaxmyth
Member
From: Seattle / San Francisco
Registered: 2019-03-25
Posts: 25
Website

Re: [SOLVED] With systemd-homed, user@1000.service fails to start

Double-checked that I removed the entries for user 1000 in /etc/{passwd, shadow, group, gshadow} and nothing there.

I looked through my journal for `pam_systemd_homed` and I don't see an entry like `pam_systemd_home(systemd-user:account): Home for user tux successfully acquired.`

$ journalctl -b -g pam_systemd_home
-- Logs begin at Mon 2020-09-14 17:39:12 PDT, end at Tue 2020-09-15 06:45:56 PDT. --
Sep 14 21:31:30 qadi gdm-password][1581]: pam_systemd_home(gdm-password:auth): Home for user zach successfully acquired.
Sep 14 22:02:16 qadi gdm-password][4221]: pam_systemd_home(gdm-password:auth): Home for user zach successfully acquired.
Sep 15 06:30:46 qadi gdm-password][5525]: pam_systemd_home(gdm-password:auth): Home for user zach successfully acquired.
Sep 15 06:41:25 qadi sudo[6452]: pam_systemd_home(sudo:auth): Home for user zach successfully acquired.
Sep 15 06:41:31 qadi sudo[6469]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:41:42 qadi sudo[6486]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:41:59 qadi sudo[6529]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:42:08 qadi sudo[6546]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:42:18 qadi sudo[6561]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:43:01 qadi sudo[6608]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:43:41 qadi sudo[6662]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:43:55 qadi sudo[6689]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:44:10 qadi sudo[6705]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:44:19 qadi sudo[6731]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.
Sep 15 06:44:23 qadi sudo[6745]: pam_systemd_home(sudo:account): Home for user zach successfully acquired.

I have pambase 20200721.1-2 and pam 1.4.0-3

Offline

#4 2020-09-15 16:07:28

tucuxi
Member
From: Switzerland
Registered: 2020-03-08
Posts: 291

Re: [SOLVED] With systemd-homed, user@1000.service fails to start

systemctl status systemd-homed.service

Offline

#5 2020-09-16 01:50:54

zaxmyth
Member
From: Seattle / San Francisco
Registered: 2019-03-25
Posts: 25
Website

Re: [SOLVED] With systemd-homed, user@1000.service fails to start

$ systemctl status systemd-homed.service
● systemd-homed.service - Home Area Manager
     Loaded: loaded (/usr/lib/systemd/system/systemd-homed.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2020-09-15 07:58:16 PDT; 10h ago
       Docs: man:systemd-homed.service(8)
   Main PID: 817 (systemd-homed)
     Status: "Processing requests..."
      Tasks: 1 (limit: 38030)
     Memory: 39.2M
     CGroup: /system.slice/systemd-homed.service
             └─817 /usr/lib/systemd/systemd-homed

Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: varlink: setting state idle-server
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: New incoming message: {"method":"io.systemd.UserDatabase.GetUserR>
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: varlink: changing state idle-server → processing-method
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: Sending message: {"parameters":{"record":{"binding":{"2d5d5e5896d>
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: varlink: changing state processing-method → processed-method
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: varlink: changing state processed-method → idle-server
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: Got POLLHUP from socket.
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: varlink: changing state idle-server → pending-disconnect
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: varlink: changing state pending-disconnect → processing-disconnect
Sep 15 18:48:57 qadi systemd-homed[817]: varlink-14: varlink: changing state processing-disconnect → disconnected

Offline

#6 2020-09-16 15:24:55

zaxmyth
Member
From: Seattle / San Francisco
Registered: 2019-03-25
Posts: 25
Website

Re: [SOLVED] With systemd-homed, user@1000.service fails to start

I ended up checking my pam configuration files on another system and noticed there were differences in the systemd-user file. I copied this over and now user@1000.service starts correctly.

     
0a1,2
> # This file is part of systemd.
> #
3c5
< account  include system-login
---
> account required pam_unix.so
5c7,8
< session  include system-login
---
> session optional pam_keyinit.so force revoke
> session optional pam_systemd.so

I'm not sure why the changes for pambase were not picked up but it's probably because I did something dumb at some point.

Last edited by zaxmyth (2020-09-16 16:34:37)

Offline

#7 2020-10-10 00:22:53

andrej.podzimek
Member
From: Zürich, Switzerland
Registered: 2005-04-10
Posts: 115

Re: [SOLVED] With systemd-homed, user@1000.service fails to start

I'm still getting a similar error, despite having a pristine and unmodified pambase (20200721.1-2). It has no effect on my ability to log in, but there's an annoying red blip during boot, indicating a failure. The failure is in user@1984.service:

Oct 10 01:56:51 aether systemd[1]: Starting User Manager for UID 1984...
Oct 10 01:56:51 aether systemd[1622]: pam_systemd_home(systemd-user:account): conversation failed
Oct 10 01:56:51 aether systemd[1622]: pam_systemd_home(systemd-user:account): conversation failed
Oct 10 01:56:51 aether systemd[1622]: pam_systemd_home(systemd-user:account): Failed to prompt for password/prompt.
Oct 10 01:56:51 aether systemd[1622]: PAM failed: Authentication service cannot retrieve authentication info
Oct 10 01:56:51 aether systemd[1622]: user@1984.service: Failed to set up PAM session: Operation not permitted
Oct 10 01:56:51 aether systemd[1622]: user@1984.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
Oct 10 01:56:51 aether systemd[1]: user@1984.service: Main process exited, code=exited, status=224/PAM
Oct 10 01:56:51 aether systemd[1]: user@1984.service: Failed with result 'exit-code'.
Oct 10 01:56:51 aether systemd[1]: Failed to start User Manager for UID 1984.

However, a few seconds later (likely during / after an actual login), the same service starts successfully (so ultimately nothing appears in systemctl --failed):

Oct 10 01:57:09 aether systemd[1]: Starting User Manager for UID 1984...
Oct 10 01:57:09 aether systemd[1874]: pam_systemd_home(systemd-user:account): Home for user andrej successfully acquired.
Oct 10 01:57:09 aether systemd[1874]: pam_warn(systemd-user:setcred): function=[pam_sm_setcred] flags=0x8002 service=[systemd-user] terminal=[] user=[andrej] ruser=[<unknown>] rhost=[<unknown>]
Oct 10 01:57:09 aether systemd[1874]: pam_unix(systemd-user:session): session opened for user andrej(uid=1984) by (uid=0)

The key question is: Why would systemd try to start anything on my behalf during boot, before I log in? At first I thought the Linger option might be to blame, but (1) when I unset enable-linger with loginctl, the problem is still the same and (2) I need the Linger option anyway.

EDIT: Nope, I was wrong (and/or didn't pay enough attention): enable_linger is to blame in this case. The man page explains what happens at boot and why:

       enable-linger [USER...], disable-linger [USER...]
           Enable/disable user lingering for one or more users. If enabled for
           a specific user, a user manager is spawned for the user at boot and
           kept around after logouts. This allows users who are not logged in
           to run long-running services. Takes one or more user names or
           numeric UIDs as argument. If no argument is specified,
           enables/disables lingering for the user of the session of the
           caller.

So I guess I need to file a feature request for Systemd to ask if passwordless operations could possibly work as before when a password is not needed (e.g. when systemd-homed uses Btrfs subvolumes). This is also an issue with SSH and systemd-homed.

Last edited by andrej.podzimek (2020-10-10 02:14:21)

Offline

#8 2020-10-10 02:53:38

andrej.podzimek
Member
From: Zürich, Switzerland
Registered: 2005-04-10
Posts: 115

Re: [SOLVED] With systemd-homed, user@1000.service fails to start

For the record, I filed a feature request.

Offline

#9 2020-10-10 13:42:37

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,788
Website

Re: [SOLVED] With systemd-homed, user@1000.service fails to start

This topic is marked as solved. If you have a similar issue, but the same solution doesn't work, please open a new topic, linking back to this on if you feel it is still relevant.

https://wiki.archlinux.org/index.php/Co … bumping%22

Closing.


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

Board footer

Powered by FluxBB