You are not logged in.

#1 2020-08-19 09:43:00

Jason P.
Member
Registered: 2015-02-26
Posts: 171

[solved] pam fails to find unit dbus-org.freedesktop.home1.service

Hi,

Today after upgrading pam I've started to see log messages like this one:

pam_systemd_home(systemd-user:account): Failed to query user record: Unit dbus-org.freedesktop.home1.service not found.

Worth noting that my home is indeed encrypted but until now I've never seen these messages. sudo operations work perfectly fine.

Nothing to worry then?

➜  $ ~ pacman -Qs pam
local/pam 1.4.0-3
    PAM (Pluggable Authentication Modules) library
local/pambase 20200721.1-2
    Base PAM configuration for services

Last edited by Jason P. (2020-08-19 10:38:17)

Offline

#2 2020-08-19 10:03:21

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

pambase 20200721.1-2 added systemd-home support.  If the service is not active you will see such a message.
It is not an issue if you if you do not wish to use the service.

Offline

#3 2020-08-19 10:38:01

Jason P.
Member
Registered: 2015-02-26
Posts: 171

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

Thanks for the info loqs.

Aside of that, maybe is a bit noisy throwing errors in such scenarios, when something not enabled by the user will not make any difference in the actual result of the authentication process. It's a misleading message that can potentially make a user think that there's something wrong. But probably this is not the place for a discussion like this hehe.

smile

Offline

#4 2020-08-20 23:31:57

enihcam
Member
From: Internet
Registered: 2009-12-20
Posts: 220

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

How to disable systemd-homed and dbus-org.freedesktop.home1.service?
It's annoying everything I run sudo.

Last edited by enihcam (2020-08-20 23:39:52)

Offline

#5 2020-08-20 23:40:36

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

enihcam is it enabled on your system or are you just seeing the messages in the journal related to it?

Offline

#6 2020-08-21 09:15:04

Jason P.
Member
Registered: 2015-02-26
Posts: 171

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

I have it disabled, nevertheless I see the error messages.

➜  $ ~ systemctl status systemd-homed.service
● systemd-homed.service - Home Area Manager
     Loaded: loaded (/usr/lib/systemd/system/systemd-homed.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:systemd-homed.service(8)

Offline

#7 2020-08-21 12:05:55

Al.Piotrowicz
Member
Registered: 2017-08-07
Posts: 130

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

A fast forward question to @loqs: Is it safe to remove the "pam_systemd_home.so" record entries from the pam configuration files for the one doesnt use the "systemd-homed.service" ?

Offline

#8 2020-08-21 13:47:14

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

Al.Piotrowicz what do you mean by safe?

You could delete /usr/lib/security/pam_systemd_home.so without adjusting the pam stack all the pam_systemd_home.so entries are prefixed with - meaning it is not an error for the module to be missing.

/etc/pam.d/system-auth without pam_systemd_home.so

#%PAM-1.0

auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth       [success=1 default=ignore]  pam_unix.so          try_first_pass nullok
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

account    required                    pam_unix.so
account    optional                    pam_permit.so
account    required                    pam_time.so

password   required                    pam_unix.so          try_first_pass nullok shadow
password   optional                    pam_permit.so

session    required                    pam_limits.so
session    required                    pam_unix.so
session    optional                    pam_permit.so

Edit:
pam_unix always checked byefore pam_systemd_home:

#%PAM-1.0

auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth       [success=2 default=ignore]  pam_unix.so          try_first_pass nullok
-auth      [success=1 default=ignore]  pam_systemd_home.so
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

account   [success=1 default=ignore]  pam_unix.so
-account    required                    pam_systemd_home.so
account    optional                    pam_permit.so
account    required                    pam_time.so

password  [success=1 default=ignore]  pam_unix.so          try_first_pass nullok shadow
-password   required                    pam_systemd_home.so
password   optional                    pam_permit.so

session    required                    pam_limits.so
session    required                    pam_unix.so
session    optional                    pam_permit.so

Last edited by loqs (2020-08-21 13:54:10)

Offline

#9 2020-08-21 13:55:38

Al.Piotrowicz
Member
Registered: 2017-08-07
Posts: 130

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

Thanks for quick reply, I meant some undesired behaviour by systemd. Im not linux expert and have had plenty of systemd glitches recently so preffered to ask at first. Now it seems clear for me.

Offline

#10 2020-08-21 13:58:33

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

No the messages you see are because the service is off.  Removing support is returning to the old pambase which did not support pam-systemd-home by default.  So you have already tested the pam stack without pam-systemd-home.

Offline

#11 2020-08-22 14:38:38

cirrus
Member
From: Glasgow Scotland
Registered: 2012-08-24
Posts: 341
Website

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

HI
editing /etc/pam.d/homed-substack like so in conjunction with above edit pam_unix always checked byefore pam_systemd_home: stops the journal errors

#%PAM-1.0

auth      sufficient  pam_unix.so          try_first_pass nullok
-auth      sufficient  pam_systemd_home.so  suspend=true
auth      [success=bad]  pam_permit.so

account   sufficient  pam_unix.so
-account   sufficient  pam_systemd_home.so  suspend=true
account   required    pam_deny.so

Last edited by cirrus (2020-08-22 14:52:10)

Offline

#12 2020-08-24 21:06:20

mokkurkalve
Member
From: Bergen, Norway
Registered: 2009-08-29
Posts: 60

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

Yes, that stopped the incessant spamming of the logs with the message "Failed to query user record: Unit dbus-org.freedesktop.home1.service not found."
It is still triggered whenever there's a authentication problem, like when you type the password wrong when using sudo or in the Mate lock-screen.
That's is not a problem though, as it's not happening that often. However, as I am never going to enable systemd-homed.service the message is completely unneeded, but there you go....


"ONLY THOSE WHO ATTEMPT THE IMPOSSIBLE WILL ACHIEVE THE ABSURD"
- Oceania Association of Autonomous Astronauts

Offline

#13 2020-08-24 21:10:49

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

The proposed fix from https://github.com/systemd/systemd/issues/16813 might stop the message being produced.  I have not tried it.
Edit:
Changes the message to

pam_systemd_home(systemd-user:account): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.

Edit2:
Updated system-auth only call pam_systemd_homed if the account is managed by it due to https://bugs.archlinux.org/task/65819#comment192113

#%PAM-1.0

auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth       [success=2 default=ignore]  pam_unix.so          try_first_pass nullok
-auth      [success=1 default=ignore]  pam_systemd_home.so
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

account    [default=1 success=ignore]  pam_succeed_if.so    quiet uid >= 60001 uid <= 60513
-account   [success=1 default=ignore]  pam_systemd_home.so
account    required                    pam_unix.so
account    optional                    pam_permit.so
account    required                    pam_time.so

password   [default=1 success=ignore]  pam_succeed_if.so    quiet uid >= 60001 uid <= 60513
-password  [success=1 default=ignore]  pam_systemd_home.so
password   required                    pam_unix.so          try_first_pass nullok shadow
password   optional                    pam_permit.so

session    required                    pam_limits.so
session    required                    pam_unix.so
session    [default=1 success=ignore]  pam_succeed_if.so    quiet uid >= 60001 uid <= 60513
-session   required                    pam_systemd_home.so
session    optional                    pam_permit.so

Last edited by loqs (2020-08-27 04:38:45)

Offline

#14 2020-08-27 11:02:14

mokkurkalve
Member
From: Bergen, Norway
Registered: 2009-08-29
Posts: 60

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

"Edit2" seems to work. The message is still triggered when a password is typed wrong, but I guess that is unavoidable. PAM goes through the list of modules in such a scenario I guess....?


"ONLY THOSE WHO ATTEMPT THE IMPOSSIBLE WILL ACHIEVE THE ABSURD"
- Oceania Association of Autonomous Astronauts

Offline

#15 2020-08-27 11:25:30

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

As pointed out https://bugs.archlinux.org/task/65819#comment192124 the range of UIDs used by systemd-home is not guaranteed to be in that range.
My edit from post #8 where pam_systemd_home is removed should achieve the result you desire.

Last edited by loqs (2020-08-27 12:00:10)

Offline

#16 2020-09-20 19:46:18

ghen
Member
From: Belgium
Registered: 2010-08-31
Posts: 124

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

Still seeing this as well, on several "standard" installations not using systemd-homed (and not intending to).
I've seen several proposed solutions/workarounds here and in FS#65819, which one is recommended now?

Offline

#17 2020-09-20 19:56:47

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

None of the solutions in https://bugs.archlinux.org/task/65819 will stop the extra messages.

Th easiest solution is perhaps to use NoExtract

NoExtract=usr/lib/security/pam_systemd_home.so

Then reinstall systemd.
This works because all the pam_systemd_home entries in /etc/pam.d/system-auth are prefixed with a - while prevents failure to load the module being an error.

If you want to edit the pam configs the first solution from post #8.

Last edited by loqs (2020-09-20 20:17:48)

Offline

#18 2020-09-20 20:17:27

ghen
Member
From: Belgium
Registered: 2010-08-31
Posts: 124

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

Thanks.
So the default config will keep this "bug" ?

Offline

#19 2020-09-20 20:22:42

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

I expect so.

Offline

#20 2020-09-20 20:30:10

ghen
Member
From: Belgium
Registered: 2010-08-31
Posts: 124

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

Still reading up on systemd-homed (and so far I think I'll stay far away from it), but is simply enabling and ignoring it a solution as well?  Or will it eat my kittens if I do?

Offline

#21 2020-09-20 20:39:25

loqs
Member
Registered: 2014-03-06
Posts: 18,140

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

ghen wrote:

Still reading up on systemd-homed (and so far I think I'll stay far away from it), but is simply enabling and ignoring it a solution as well?

Yes as the messages are caused by the service not being active.

Offline

#22 2020-12-27 20:37:07

Neitsab
Wiki Maintainer
Registered: 2013-12-05
Posts: 30

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

I just tried to enable and start systemd-homed.service, but it kept flooding my logs on each and every sudo invocation because my user had not been created with it. So I used

loqs wrote:

Th easiest solution is perhaps to use NoExtract

NoExtract=usr/lib/security/pam_systemd_home.so

Then reinstall systemd.
This works because all the pam_systemd_home entries in /etc/pam.d/system-auth are prefixed with a - while prevents failure to load the module being an error.

which worked perfectly and stopped all the log flood.
Thanks!

Offline

#23 2020-12-27 20:50:18

ghen
Member
From: Belgium
Registered: 2010-08-31
Posts: 124

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

Given the large amounts of unnecessary noise this service creates, and the limited benefit for typical systems, it would perhaps be interesting to not enable pam_systemd_home.so by default (in pambase package).

Offline

#24 2021-01-26 09:32:32

drankinatty
Member
From: Nacogdoches, Texas
Registered: 2009-04-24
Posts: 75
Website

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

I second not enabling pam_systemd_home.so by default in any of the pambase packages. I cannot envision every needing or wanting the enabled, and I suspect that is true for a large majority of Arch installs. Just because upstream dreams something up to fit some corner-case doesn't mean that Arch needs to enable the functionality. We just split postfix into multiple packages containing non-default backends, so why not split this functionality out into a separate package and those few that will ever want it can install that package and enable the service. Far better choice than cluttering the logs on a majority of the systems that will never use it.


David C. Rankin, J.D.,P.E.

Offline

#25 2021-10-15 02:12:59

drankinatty
Member
From: Nacogdoches, Texas
Registered: 2009-04-24
Posts: 75
Website

Re: [solved] pam fails to find unit dbus-org.freedesktop.home1.service

After having tried the differing solutions, I concur that having pam_unix checked first as shown in the edit to post #8 above about as simple as it gets. Simply modify the two pairs of lines shown (e.g. just move the pam_unix check before the pam_systemd_home check for 'account' and `password' sections of the file -- done. No more heinous homed message needlessly filling the journal.


David C. Rankin, J.D.,P.E.

Offline

Board footer

Powered by FluxBB