
#1 2021-10-10 14:45:17

n8jadams
Member
Registered: 2021-08-23
Posts: 49

[SOLVED] Can't resume session or `sudo` any command

It's very strange. I woke up this morning and resumed my X11/KDE Plasma session no problem.

Then I left and came back, and now I can't resume my session. I input the correct password and it says "unlocking failed". I am 100% sure I did the right password.

If I restart the computer, I can log in with tty no problem, but then when the screen locks, I'm stuck again. The same applies when trying to `sudo` any command in the terminal.

I even went in and booted into my arch install medium, mounted my drive, ran `arch-chroot /mnt` and then `passwd` and set the new root password. It all said it worked fine.

But it doesn't look like anything changed, still can't resume X11/KDE Plasma session and still can't `sudo` any commands.

Am I missing something?

Last edited by n8jadams (2021-10-11 16:11:58)

Offline

#2 2021-10-10 15:09:46

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,103

Re: [SOLVED] Can't resume session or `sudo` any command

Check the journal. A wild guess would be that it's pam-faillock, but without logs, who knows.

Online

#3 2021-10-10 15:26:47

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

Dangit, turns out I can `sudo` commands now but can't log in after the screen lock.

What logs should I look for?

I tried this out:

$ /usr/lib/kscreenlocker_greet --testing
Locked at 1633880336
qt.gui.icc: fromIccProfile: failed minimal tag size sanity
qt.svg: <input>:406:376: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:407:130: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:408:130: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:408:393: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:409:130: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:410:129: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:411:129: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:412:129: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:413:129: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:413:379: Could not add child element to parent element because the types are incorrect.
qt.svg: <input>:413:631: Could not add child element to parent element because the types are incorrect.
qt.virtualkeyboard.hunspell: Hunspell dictionary is missing for "en_US" . Search paths ("/usr/share/qt/qtvirtualkeyboard/hunspell", "/usr/share/hunspell", "/usr/share/myspell/dicts")
qt.gui.icc: fromIccProfile: failed minimal tag size sanity
Authentication failure

Is there anything there that could be causing the problem?

Last edited by n8jadams (2021-10-10 15:43:06)

Offline

#4 2021-10-10 17:51:13

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,442

Re: [SOLVED] Can't resume session or `sudo` any command

n8jadams wrote:

What logs should I look for?

System journal, "sudo journalctl -b" for the current boot, pam is logged there, but also other stuff (and we don't yet know whether it's indeed pam)

Online

#5 2021-10-10 19:03:08

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

seth wrote:
n8jadams wrote:

What logs should I look for?

System journal, "sudo journalctl -b" for the current boot, pam is logged there, but also other stuff (and we don't yet know whether it's indeed pam)

Ok. Here is the log on pastebin

Offline

#6 2021-10-10 19:16:31

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,442

Re: [SOLVED] Can't resume session or `sudo` any command

You've at least 3 network managing services enabled…

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

Online

#7 2021-10-10 19:36:52

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

$ find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
anbox-container-manager.service          | multi-user.target.wants
chronyd.service                          | multi-user.target.wants
cups.path                                | multi-user.target.wants
cups.service                             | printer.target.wants
cups.socket                              | sockets.target.wants
dbus-org.freedesktop.nm-dispatcher.service | system
dbus-org.freedesktop.resolve1.service    | system
dev-binderfs.mount                       | anbox-container-manager.service.wants
dhcpcd.service                           | multi-user.target.wants
dirmngr.socket                           | sockets.target.wants
disable-middle-click.service             | multi-user.target.wants
duckdns.service                          | multi-user.target.wants
duckdns.timer                            | timers.target.wants
getty@tty1.service                       | getty.target.wants
gpg-agent-browser.socket                 | sockets.target.wants
gpg-agent-extra.socket                   | sockets.target.wants
gpg-agent.socket                         | sockets.target.wants
gpg-agent-ssh.socket                     | sockets.target.wants
iwd.service                              | multi-user.target.wants
jellyfin.service                         | multi-user.target.wants
NetworkManager.service                   | multi-user.target.wants
NetworkManager-wait-online.service       | network-online.target.wants
p11-kit-server.socket                    | sockets.target.wants
pcscd.socket                             | sockets.target.wants
pipewire-media-session.service           | pipewire.service.wants
pipewire-session-manager.service         | user
pipewire.socket                          | sockets.target.wants
pulseaudio.socket                        | sockets.target.wants
remote-fs.target                         | multi-user.target.wants
xdg-user-dirs-update.service             | default.target.wants
xow.service                              | multi-user.target.wants

If I were to take a wild guess as to why this happened, I would say it's related to nordpy or nordpy-plasmoid-git... I recently installed it and it probably messes with some network stuff.

Last edited by n8jadams (2021-10-10 19:43:05)

Offline

#8 2021-10-10 19:41:32

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,442

Re: [SOLVED] Can't resume session or `sudo` any command

Please use code tags, not quote tags.

So you've dhcpcd, networkmanager and iwd.
Pick one (networkmanager?), disable the others, reboot and retry. If the issue remains, post an updated journal and service list.

Edit: neither nordpy nor nordvpn show up in the journal you provided earlier?

Last edited by seth (2021-10-10 19:43:15)

Online

#9 2021-10-10 19:50:46

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

Must not be the nordvpn stuff.

Of course now my `sudo` password isn't working. How can I "disable" those services for my user while logged in as root?

Offline

#10 2021-10-10 19:53:29

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,442

Re: [SOLVED] Can't resume session or `sudo` any command

Those are not user services, you just "systemctl disable" them as root.

Online

#11 2021-10-11 01:39:20

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

Ok, so I did that. Network is still working fine which is good... lol

Journal

And the services list:

anbox-container-manager.service          | multi-user.target.wants
chronyd.service                          | multi-user.target.wants
cups.path                                | multi-user.target.wants
cups.service                             | printer.target.wants
cups.socket                              | sockets.target.wants
dbus-org.freedesktop.nm-dispatcher.service | system
dbus-org.freedesktop.resolve1.service    | system
dev-binderfs.mount                       | anbox-container-manager.service.wants
dirmngr.socket                           | sockets.target.wants
disable-middle-click.service             | multi-user.target.wants
duckdns.service                          | multi-user.target.wants
duckdns.timer                            | timers.target.wants
getty@tty1.service                       | getty.target.wants
gpg-agent-browser.socket                 | sockets.target.wants
gpg-agent-extra.socket                   | sockets.target.wants
gpg-agent.socket                         | sockets.target.wants
gpg-agent-ssh.socket                     | sockets.target.wants
jellyfin.service                         | multi-user.target.wants
NetworkManager.service                   | multi-user.target.wants
NetworkManager-wait-online.service       | network-online.target.wants
p11-kit-server.socket                    | sockets.target.wants
pcscd.socket                             | sockets.target.wants
pipewire-media-session.service           | pipewire.service.wants
pipewire-session-manager.service         | user
pipewire.socket                          | sockets.target.wants
pulseaudio.socket                        | sockets.target.wants
remote-fs.target                         | multi-user.target.wants
xdg-user-dirs-update.service             | default.target.wants
xow.service                              | multi-user.target.wants

I noticed that when I first log in, it seems like everything is working, the kscreenlocker unlocks as it's supposed to, and sudo works as it's supposed to. Then after some timeout or something, it all stops. Very odd...

Offline

#12 2021-10-11 07:14:16

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,442

Re: [SOLVED] Can't resume session or `sudo` any command

There's an enormous and frequent amount of

Oct 10 19:29:56 natearchlinux sudo[1331]: pam_unix(sudo:auth): conversation failed
Oct 10 19:29:56 natearchlinux sudo[1331]: pam_unix(sudo:auth): auth could not identify password for [nate]

and ultimately faillock kicks in.

Since there's also an intermittent, successful "sudo pacman -Syu" I guess the maaaaaaaaaaaany failed sudo calls come from some non-interactive script/daemon that you need to shut down and/or grant passwordless sudo to in your sudoers.

Whatever you do: if you google this problem, do NOT add "pam_permit.so" anywhere - that's not a solution, that's suicide.

Online
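Added example (not part of the original posts): a small triage of the `pam_unix(sudo:auth)` journal lines quoted above, separating failures where no password could be prompted for at all (the non-interactive caller case) from rejected passwords. The function names and sample lines are constructed; `DENY=3` is pam_faillock's documented default and an assumption about this system.

```shell
#!/bin/sh
# Summarise pam_unix sudo auth failures per user from journal text on stdin.
# DENY: failures after which pam_faillock locks the account (assumed default, see faillock.conf).
DENY=${DENY:-3}

sudo_auth_summary() {
    awk -v deny="$DENY" '
    /pam_unix\(sudo:auth\): auth could not identify password for \[/ {
        # logged after "conversation failed": sudo had no way to prompt (no tty, no askpass)
        u = $0; sub(/.*for \[/, "", u); sub(/\].*/, "", u)
        noprompt[u]++; seen[u] = 1
    }
    /pam_unix\(sudo:auth\): authentication failure;/ {
        # a password was entered and rejected
        u = $0; sub(/.* user=/, "", u); sub(/ .*/, "", u)
        wrong[u]++; seen[u] = 1
    }
    END {
        for (u in seen) {
            total = noprompt[u] + wrong[u]
            printf "%s noprompt=%d wrongpw=%d %s\n", u, noprompt[u], wrong[u],
                   (total >= deny ? "LOCKOUT-RISK" : "ok")
        }
    }' | sort
}

# Constructed sample input, modelled on the two journal lines quoted in the post.
sample_journal() {
    cat <<'EOF'
Oct 10 19:29:56 host sudo[1331]: pam_unix(sudo:auth): conversation failed
Oct 10 19:29:56 host sudo[1331]: pam_unix(sudo:auth): auth could not identify password for [nate]
Oct 10 19:30:01 host sudo[1340]: pam_unix(sudo:auth): conversation failed
Oct 10 19:30:01 host sudo[1340]: pam_unix(sudo:auth): auth could not identify password for [nate]
Oct 10 19:30:06 host sudo[1352]: pam_unix(sudo:auth): conversation failed
Oct 10 19:30:06 host sudo[1352]: pam_unix(sudo:auth): auth could not identify password for [nate]
Oct 10 19:31:10 host sudo[1400]: pam_unix(sudo:auth): authentication failure; logname=alice uid=1001 euid=0 tty=/dev/pts/0 ruser=alice rhost=  user=alice
EOF
}

sample_journal | sudo_auth_summary
```

On a live system the input would come from `journalctl -b -t sudo` instead of `sample_journal`. A high `noprompt` count with few or no `wrongpw` entries points at a script or daemon calling sudo without a terminal rather than at a mistyped password.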

#13 2021-10-11 12:48:01

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

I'm kind of lost here. I've tried disabling each of the services that I manually installed, to no avail.

Is there a better way to narrow down what this "non-interactive script/daemon" is?

Offline

#14 2021-10-11 13:26:26

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,442

Re: [SOLVED] Can't resume session or `sudo` any command

mv /usr/bin/sudo /usr/bin/sudo.bin
vim /usr/bin/sudo

#!/bin/sh
# record the arguments of every sudo call, then run the real binary
echo "$@" >> /tmp/sudo.log
exec /usr/bin/sudo.bin "$@"

chmod +x /usr/bin/sudo

Online
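Added example (not part of the original post): a variant of the wrapper above that also records which process invoked sudo, which answers the "what is calling it" question directly. `/usr/bin/sudo.bin` and `/tmp/sudo.log` are the paths from the post; the variable and function names are illustrative, and reading `/proc/<pid>/cmdline` assumes Linux.

```shell
#!/bin/sh
# sudo wrapper that logs the parent process as well as the arguments.
REAL_SUDO=/usr/bin/sudo.bin
SUDO_TRACE_LOG=${SUDO_TRACE_LOG:-/tmp/sudo.log}

# Print "pid=<pid> cmd=<command line>" for a process, or cmd=? if /proc has no entry.
describe_caller() {
    pid=$1
    if [ -r "/proc/$pid/cmdline" ]; then
        # cmdline is NUL-separated; turn it into a space-separated string
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline")
    else
        cmd='?'
    fi
    printf 'pid=%s cmd=%s' "$pid" "$cmd"
}

# Append one line per invocation: timestamp, parent process, arguments passed to sudo.
log_call() {
    printf '%s caller[%s] args: %s\n' \
        "$(date '+%F %T')" "$(describe_caller "$PPID")" "$*" >> "$SUDO_TRACE_LOG"
}

# Only log and hand over when installed under the name "sudo".
case "$0" in
    */sudo)
        log_call "$@"
        exec "$REAL_SUDO" "$@"
        ;;
esac
```

Once the caller is identified, remove the wrapper and move `/usr/bin/sudo.bin` back to `/usr/bin/sudo`; the log holds every sudo command line, so delete it as well.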

#15 2021-10-11 14:06:07

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

Clever trick!

Something is calling

ipsec status
ipsec --version

Over and over again...

And that command doesn't exist...

Should I try to install that command (strongswan?)

or find what is calling it?

Last edited by n8jadams (2021-10-11 14:07:47)

Offline

#16 2021-10-11 14:08:53

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,442

Re: [SOLVED] Can't resume session or `sudo` any command

Strongswan? Anything VPN related? Some networkstatus display widgetthingy?

Edit:
"or find what is calling it!" - installing strongswan will only provide the binary, but not grant you sudo rights. So the problem will remain.
You could allow the calls (to fail) in your sudoers, but that's nuts. Prevent them from being made.

Last edited by seth (2021-10-11 14:10:19)

Online

#17 2021-10-11 14:18:28

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

Now I'm thinking it is nordpy. How can I give the application sudo access? I'm new to sudoer files...

Offline

#18 2021-10-11 14:26:58

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,442

Re: [SOLVED] Can't resume session or `sudo` any command

nate    ALL= NOPASSWD: /usr/bin/ipsec status, /usr/bin/ipsec --version

But you want to file a bug at https://github.com/morpheusthewhite/nordpy/issues
1. it should not call ipsec if it's not available (cause you're not using strongswan)
2. not use sudo unless it has to (certainly not for "ipsec --version")
3. inform the user that they've to open sudo or use a better way to raise privileges.

Online

#19 2021-10-11 15:32:40

n8jadams
Member
Registered: 2021-08-23
Posts: 49

Re: [SOLVED] Can't resume session or `sudo` any command

That did it!

As root I ran `EDITOR=vim visudo` and added this line

nate       ALL=(ALL) NOPASSWD: /usr/bin/ipsec

and installed `strongswan` anyway. Figured it wouldn't hurt.

Now everything is working as expected.

I'll make sure to file a bug report in the nordpy git repo. Thanks for the help!

Offline
