Unable to log in when user-home is not read/writable by root
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
upstart | New | Undecided | Unassigned | | |
Bug Description
We have a setup using centralized home directories (Ubuntu 12.04, Kerberos, NFS4 and autofs) with kdm as our login manager.
We installed one of our testing machines with 14.04. Unfortunately we can no longer log in using kdm or lightdm (gdm won't even start). Lightdm will verify the user credentials but immediately return to the login prompt. KDM is stuck after the verification step and needs to be killed.
Upon investigating the issue, we found that "init --user" is causing problems when the user's home directory is not read/writable by root. The first problem occurs in "/usr/share/
We run our test using "xinit" setting the following environment before we start "init --user":
[code]
declare -x COMPIZ_
declare -x DEFAULTS_
declare -x DESKTOP_
declare -x DISPLAY=":0"
declare -x GTK_IM_
declare -x GTK_MODULES=
declare -x HOME="/
declare -x IM_CONFIG_PHASE="1"
declare -x KRB5CCNAME=
declare -x LANG="de_DE.UTF-8"
declare -x LIBRARY_
declare -x LOGNAME="atestuser"
declare -x MANDATORY_
declare -x SESSIONTYPE=
declare -x SHLVL="1"
declare -x USER="atestuser"
declare -x WINDOWPATH="7"
declare -x XDG_CONFIG_
declare -x XDG_DATA_
declare -x XDG_RUNTIME_
declare -x XDG_SEAT="seat0"
declare -x XDG_SESSION_ID="c2"
declare -x XDG_CURRENT_
declare -x XDG_VTNR="1"
declare -x XDM_MANAGED=
declare -x XMODIFIERS=
[/code]
Setting the HOME environment variable to something like /tmp allows us to start a gnome-session (we tested this with the xinit env as well as a forced HOME environment using lightdm and kdm). Disabling upstart for the ubuntu session also fixes the login problem (however some of the status bar information like the time... won't work without upstart).
In our opinion the root process should never try to access a user's home. Setup should be done when upstart switched to a userspace process.
Unfortunately this bug makes it impossible for us to use 14.04, as we did not find a workaround for this issue (besides using a window manager that is not using upstart).
On Mon, Apr 28, 2014 at 08:18:21AM -0000, FB wrote:
> Upon investigating the issue, we found that "init --user" is causing
> problems when the users home directory is not read/writable by root. The
> first problem occurs in "/usr/share/upstart/sessions/dbus.con" pre-
> start. The script tries to write the DBUS_SESSION_BUS_ADDRESS into a
> temp-file in the users home (a file that is read by subsequent scripts)
> which fails causing "init --user" to fail with the message the "dbus-
> pre-start-process failed with return code 2"
init --user is run as the user, not as root. I don't think the problem is
related to the uid that upstart is running as. Why do you believe these
processes are running as root?
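An added diagnostic, not part of the bug report and not upstart's own code: it reports which uid a process really runs as, whether that uid can create a file in a given home directory, and whether a Kerberos credential cache is visible. The function names `probe_home_write` and `ccache_state` are hypothetical, and the ticket check assumes a `klist` that supports `-s` is installed and that the home is a Kerberos-secured NFS4 mount.

```shell
#!/bin/sh
# Added diagnostic; not upstart's dbus pre-start script.
# probe_home_write and ccache_state are hypothetical helper names.

# probe_home_write DIR: 0 if the calling uid can create and write a file in
# DIR, 2 otherwise (2 only mirrors the return code quoted in the report).
probe_home_write() {
    dir=$1
    echo "euid=$(id -u) user=$(id -un 2>/dev/null) dir=$dir"
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory (not mounted?)"
        return 2
    fi
    # mktemp creates the file exclusively with mode 0600, so the probe
    # cannot be redirected through a pre-planted symlink.
    tmp=$(mktemp "$dir/.home-probe.XXXXXX" 2>/dev/null) || {
        echo "FAIL: uid $(id -u) cannot create a file in $dir"
        return 2
    }
    if ! printf 'probe\n' > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "FAIL: uid $(id -u) created a file in $dir but cannot write it"
        return 2
    fi
    rm -f "$tmp"
    echo "OK: uid $(id -u) can write in $dir"
    return 0
}

# ccache_state: prints unset, valid or unverified. Assumption: the home is a
# Kerberos-secured NFS4 mount, where access follows the caller's ticket.
ccache_state() {
    if [ -z "${KRB5CCNAME:-}" ]; then
        echo unset
        return 1
    fi
    if command -v klist >/dev/null 2>&1 && klist -s 2>/dev/null; then
        echo valid
        return 0
    fi
    echo unverified
    return 1
}
```

Calling `probe_home_write "$HOME"` and `ccache_state` from the same environment the session job receives, and then again as root, shows whether the failure follows the uid or the missing ticket.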