Elogind v239.1 Devuan/Debian combined source

Andreas Messer andi at bastelmap.de
Wed Nov 14 06:16:49 GMT 2018

On Tue, Nov 13, 2018 at 07:23:54PM +0000, Mark Hindley wrote:
> On Tue, Nov 13, 2018 at 08:01:32PM +0100, Andreas Messer wrote:
> > >  ln -s /lib/DEB_HOST_MULTIARCH/security/pam_elogind.so /lib/DEB_HOST_MULTIARCH/security/pam_systemd.so
> > 
> > Ah, sorry. So probably you did not enable pam_elogind module? You should
> > not link like that. Modules should be loaded by PAM as defined
> > per config /etc/pam.
> AFAICS, it is enabled and appears in the automatic section of common-session.
> However, various /etc/pam.d files (runuer-1 and lightdm-greeter on my basic
> install) still reference pam_systemd.so directly or depend libpam-systemd. I
> suspect some of them have pam_systemd.so compiled into them.

Hmm, didn't know that. I can confirm this for Devuan/stable too. Maybe this is
the cause why shutdown/reboot buttons on login screen don't work.

The lightdm-greeter pam files should not affect the user session. These files
are only for the login screen presented by lightdm. This is since the
login screen itself does run with a unprivileged user account.

> I fully realise this is a kludge, and we will need to fix the packages that use
> pam_systemd directly but the only other option is to recompile everything
> against libelogind. Devuan has done that and it is fabulous. But that won't work
> for Debian.

At least i would expect a central place for such lightdm-greeter style pam
files to configure the session. There is common-session for all login
tools and there should be similar file for the others, also automatically

> [...]
> cat /etc/pam.d/common-session
> [...]

This file looks OK.

On Tue, Nov 13, 2018 at 07:47:52PM +0000, Mark Hindley wrote:
> On Tue, Nov 13, 2018 at 07:29:21PM +0000, Peter Maydell wrote:
> > So if you hand-hack these PAM files to refer to pam_elogind then
> > do things work without the symlink? This would at least tell us if
> > this is all we need to fix in these other packages, or if there are
> > other places that are using pam_systemd.so directly somehow.
> I think I tried that first and it only worked partially. To get the ability to
> reboot/poweroff from the desktop I think the syslink was required. So I suspect
> pam_systemd is compiled in. There are quite a few rdepends.

I consider any application which directly and explicitly loads a pam
module as broken. This is not the way how it was intended to work because
the intentation of /etc/pam.d is, that a site admin can configure it, no
compiled in forced magic.

I remind from devuan/stable, that there was one windowmanager which had
compiled in support for consolekit, it always talked to consolekit,
regardless about pam settings. Maybe there is some similar application
thing with systemd-logind.

gnuPG keyid: 8C2BAF51
fingerprint: 28EE 8438 E688 D992 3661 C753 90B3 BAAA 8C2B AF51
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/debian-init-diversity/attachments/20181114/84aad286/attachment.sig>

More information about the Debian-init-diversity mailing list