logind fails to work, falling back to ConsoleKit when /run/users has wrong permissions

The relevant code in systemd is src/login/logind-user.c:

static int user_mkdir_runtime_path(User *u) {
        char *p;
        int r;

        assert(u);

        r = mkdir_safe_label("/run/user", 0755, 0, 0);
        if (r < 0) {
                log_error("Failed to create /run/user: %s", strerror(-r));
                return r;
        }

It would seem that the directory already exists should not be considered an error?

Here is the core of the implementation:

static int makedir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool apply) {
        struct stat st;

        if (label_mkdir(path, mode, apply) >= 0)
                if (chmod_and_chown(path, mode, uid, gid) < 0)
                        return -errno;

        if (lstat(path, &st) < 0)
                return -errno;

        if ((st.st_mode & 0777) != mode ||
            st.st_uid != uid ||
            st.st_gid != gid ||
            !S_ISDIR(st.st_mode)) {
                errno = EEXIST;
                return -errno;
        }

        return 0;
}

So it does handle the case where the directory already exists, but requires that *if* it exists, the permissions be correct. The EEXIST is actually being thrown by this code, and not due to a failure to check the return of the mkdir() call itself.

What are the perms on this directory when you see the problem?

That reminds me of a bug that Iain reported this morning and a while ago: For him, sometimes /run/user/1000/pulse has root:root permissions instead of being owned by Iain, but for him /run/user/1000 itself (and all other directories) are correct. I really don't see what else other than pulseaudio itself would handle/create/touch that directory. My suspicion is that at some point in time pulseaudio must have been running as root in the new session. Could that perhaps be a race condition of some sort in lightdm that it drops root privileges too late?

NB that this is pure speculation, and the two issues might not even be related. I'm just bringing it up here as that's the second issue of runtime dir permissions apparently being wrong.

That other bug is bug #1197395, FWIW

Turns out this is a bug in ubuntu-touch-session - specifically in ubuntu-touch-session-setup.conf:

    mkdir -p "$XDG_RUNTIME_DIR"
    chmod 0700 "$XDG_RUNTIME_DIR"
    chown "$uid:$gid" "$XDG_RUNTIME_DIR"

It needs to be 0755, not 0700 for logind to work.

ubuntu-touch-session should not be creating this directory *at all*; it should be relying on the same component that we use on the desktop for this (namely, mountall).

this code comes from http://upstart.ubuntu.com/cookbook/#non-graphical-sessions-ubuntu-specific
i doubt anyone ever tested if it is actually needed ... i will test with the dir creation removed and upload a fix if it works.

i dropped the code now, it doesn't seem to have any ill effects to not have it ...

This bug was fixed in the package ubuntu-touch-session - 0.63

---------------
ubuntu-touch-session (0.63) saucy; urgency=low

  * drop XDG_RUNTIME_DIR creation from upstart job (LP: #1206897)
 -- Oliver Grawert <email address hidden> Wed, 14 Aug 2013 18:24:28 +0200