pam_systemd not enabled in saucy upgrade

Bug #1185592 reported by Diego Andres
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
Undecided
Unassigned

Bug Description

dist-upgraded by accident to 13.10... no permissions for audio... after adding user diego to audio group in /etc/group, audio works again, but still does not mount devices (and internal disks)... also does not show shutdown/restart buttons but logout/lock instead... after latest aptitude upgrade network manager does not have permissions to connect (I need to sudo dhclient eth0)...

probably related to lack of permissions for dbus

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: udev 202-0ubuntu10
ProcVersionSignature: Ubuntu 3.9.0-1.5-generic 3.9.1
Uname: Linux 3.9.0-1-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 2.10.2-0ubuntu1
Architecture: i386
CustomUdevRuleFiles: z80_user.rules 51-android.rules 10-vboxdrv.rules
Date: Wed May 29 23:47:17 2013
HotplugNewDevices: /dev/sdd /dev/sdd1
HotplugNewMounts:

InstallationDate: Installed on 2010-01-14 (1231 days ago)
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
MachineType: System manufacturer System Product Name
MarkForUpload: True
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.9.0-1-generic root=UUID=5d1c6d4a-087c-4274-9161-724bdde1248c ro quiet splash
SourcePackage: systemd
Symptom: storage
Title: Does not detect hotplugged storage device
UpgradeStatus: Upgraded to saucy on 2013-05-12 (17 days ago)
dmi.bios.date: 11/23/2009
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1102
dmi.board.asset.tag: To Be Filled By O.E.M.
dmi.board.name: P7P55D
dmi.board.vendor: ASUSTeK Computer INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: Asset-1234567890
dmi.chassis.type: 3
dmi.chassis.vendor: Chassis Manufacture
dmi.chassis.version: Chassis Version
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1102:bd11/23/2009:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP7P55D:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
dmi.product.name: System Product Name
dmi.product.version: System Version
dmi.sys.vendor: System manufacturer

Revision history for this message
Diego Andres (drabaioli) wrote :
Diego Andres (drabaioli)
description: updated
Revision history for this message
Martin Pitt (pitti) wrote :

After logging into the session, please copy&paste the output of "loginctl" and "loginctl show-session". Please also attach /etc/pam.d/common-session. Thanks!

Changed in systemd (Ubuntu):
status: New → Incomplete
summary: - Doesn't mount and open nautilus when clicking disk icon (does not have
- permissions)
+ No logind session after upgrade
Revision history for this message
Diego Andres (drabaioli) wrote : Re: No logind session after upgrade

diego@sdra: ~ $ loginctl
   SESSION UID USER SEAT

0 sessions listed.

diego@sdra: ~ $ loginctl show-session
ControlGroupHierarchy=/user
NAutoVTs=6
KillExcludeUsers=root
KillUserProcesses=no
IdleHint=yes
IdleSinceHint=0
IdleSinceHintMonotonic=0
InhibitDelayMaxUSec=5s
HandlePowerKey=poweroff
HandleSuspendKey=suspend
HandleHibernateKey=hibernate
HandleLidSwitch=suspend
IdleAction=ignore
IdleActionUSec=30min
PreparingForShutdown=no
PreparingForSleep=no

diego@sdra: ~ $ cat /etc/pam.d/common-session
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_winbind.so
session optional pam_xdg_support.so
session optional pam_ecryptfs.so unwrap
session optional pam_ck_connector.so nox11
# end of pam-auth-update config

Martin Pitt (pitti)
summary: - No logind session after upgrade
+ pam_systemd not enabled in saucy upgrade
Revision history for this message
Martin Pitt (pitti) wrote :

> session optional pam_ck_connector.so nox11

That's what I suspected. For some reason pam-auth-update did not update /etc/pam.d/common-auth from ConsoleKit to logind.

Can you please run "sudo pam-auth-update --package --force" and verify that it works afterwards?

Changed in systemd (Ubuntu):
status: Incomplete → Triaged
Revision history for this message
Diego Andres (drabaioli) wrote :

-I runned "sudo pam-auth-update --package --force".
-no output after the command
-rebooted
-lot of messages during bootup:
[ 23.391635] systemd-udevd[1939]: failed to execute '/lib/udev/socket:@/org/freedesktop/hal/udev_event' 'socket:@/org/freedesktop/hal/udev_event': No such file or directory
-problem still persists

Revision history for this message
Martin Pitt (pitti) wrote :

Please uninstall the "hal" package, it has been deprecated for years (but that's not the bug here, it's just causing those "failed to execute '/lib/udev/socket" messages).

Do you have pam_systemd in /etc/pam.d/common-auth now? What's the output of

  dpkg -l | grep systemd

?

Revision history for this message
Diego Andres (drabaioli) wrote :

removed hal, hal-info, libhal-storage1

pam_systemd is NOT in /etc/pam.d/common-auth

actual content is:

auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_smbpass.so migrate
auth optional pam_ecryptfs.so unwrap
auth optional pam_cap.so

output of "dpkg -l | grep systemd" is:

ii libsystemd-daemon0:i386 202-0ubuntu11 i386 systemd utility library
ii libsystemd-login0:i386 202-0ubuntu11 i386 systemd login utility library
ii systemd-services 202-0ubuntu11 i386 systemd runtime services
ii systemd-shim 3+real-0ubuntu1 i386 shim for systemd

Revision history for this message
Martin Pitt (pitti) wrote :

Sorry, I meant /etc/pam.d/common-session (as in my first question). Installed packages are alright. Do you get a choice "Register user sessions in the systemd control group hierarchy" in the dialog when you run

  sudo pam-auth-update --force

? Please make sure that this is enabled.

Revision history for this message
Diego Andres (drabaioli) wrote :

When running "sudo pam-auth-update --force" the text interface shows:

""""""""""""""""""""""""""""""""""
Pluggable Authentication Modules (PAM) determine how authentication, authorization, and password changing are handled on the system, as well as allowing
 configuration of additional actions to take when starting user sessions.

 Some PAM module packages provide profiles that can be used to automatically adjust the behavior of all PAM-using applications on the system. Please
 indicate which of these behaviors you wish to enable.

 PAM profiles to enable:

    [*] Unix authentication
    [*] Winbind NT/Active Directory authentication
    [*] XDG_RUNTIME_DIR support
    [*] SMB password synchronization
    [*] GNOME Keyring Daemon - Login keyring management
    [*] eCryptfs Key/Mount Management
    [*] ConsoleKit Session Management
    [*] Inheritable Capabilities Management

                                               <Ok> <Cancel>
""""""""""""""""""""""""""""""""""

pam_systemd is still not in /etc/pam.d/common-session.

Revision history for this message
Martin Pitt (pitti) wrote :

> Installed packages are alright.

Ah, in fact they are not. You are missing libpam-systemd. This is a dependency of both the ubuntu-desktop metapackage, as well as of basic packages like policykit-1 and dbus, so it's really curious how you ended up not having it. Did you do a partial upgrade only?

Changed in systemd (Ubuntu):
status: Triaged → Invalid
Revision history for this message
Diego Andres (drabaioli) wrote :

Hi Martin,

finally the problem is fixed!!!

I installed libpam-systemd as you suggested, I had to remove libpam-xdg-support first
as it was conflicting. Then rebooted and everything is fine: NetworkManager automatically
connects, internal disks get mounted from nautilus (and probably audio is fixed as well)...

Thanks a lot for your support!

ps: things may have messed up during upgrade indeed! Upgrade from 12.10 to 13.04 was
interrupted and I manually finished it by "apt-get install -f"... This is also why I accidentally
dist-upgraded to 13.10 trying to fix the incomplete dist-upgrade

Revision history for this message
Martin Pitt (pitti) wrote : Re: [Bug 1185592] Re: pam_systemd not enabled in saucy upgrade

Diego Andres [2013-06-03 15:49 -0000]:
> ps: things may have messed up during upgrade indeed! Upgrade from 12.10 to 13.04 was
> interrupted and I manually finished it by "apt-get install -f"...

Better complete it with "apt-get dist-upgrade" then.

Martin

Revision history for this message
Xavier Aragon (xarax-lp) wrote :

For the record, I also suffered from similar symptoms after upgrading to Saucy, and the reason turned out to be pam_systemd missing from /etc/pam.d/common-session.

However, in my case the upgrade had succeeded and package libpam-systemd had been installed. It did not add pam_systemd to common-session because pam-auth-update detected a local modification I had made to /etc/pam.d/common-session-noninteractive at some earlier point in history.

I guess local modifications to the /etc/pam.d/common-* files are quite rare, but people that have them might be in risk of having a slightly broken system after upgrading to Saucy.

Revision history for this message
proy (partha-guha-roy) wrote :

I got bit by this bug. I had Fedora 20 Beta installed on my system. Formatted that partition and installed Kubuntu 13.10. On first boot and on the LiveCD, everything worked fine. Then did a "sudo apt-get update && sudo apt-get dist-upgrade", rebooted and the following things in KDE did not work:

- Wifi network
- Sound
- Shutdown/restart

The comments here helped and the problem indeed is systemd missing in pam. However, none of the suggestions worked. Then added the following line in /etc/pam.d/common-session and everything works:

session optional pam_systemd.so

My /etc/pam.d has a lot of *.pam-old files. Those files actually contain the systemd module.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers