Bug#1076728: elogind: privileged operation with polkit fails
Mark Hindley
mark at hindley.org.uk
Mon Dec 16 17:41:57 GMT 2024
Andrew,
I am afraid I still can't reproduce this.
Check some basics please. I have the following installed:
test at DebianUnstable:~$ dpkg -l|grep -E 'polkit|elogind|systemd'|grep ^ii
ii elogind 255.5-1debian3 amd64 user, seat and session management daemon
ii libpam-elogind:amd64 255.5-1debian3 amd64 elogind PAM module
ii libpam-elogind-compat:amd64 1.3 amd64 Compatibility package for testing integration of libpam-elogind into Debian
ii libpolkit-agent-1-0:amd64 125-2 amd64 polkit Authentication Agent API
ii libpolkit-gobject-1-0:amd64 125-2 amd64 polkit Authorization API
ii polkitd 125-2 amd64 framework for managing administrative policies and privileges
ii libsystemd0:amd64 257-2 amd64 systemd utility library
All lightdm* PAM configs should include common-session:
test at DebianUnstable:~$ grep common-session /etc/pam.d/lightdm*
/etc/pam.d/lightdm:@include common-session
/etc/pam.d/lightdm-autologin:@include common-session
/etc/pam.d/lightdm-greeter:@include common-session
PAM common-session should include pam_elogind.so:
test at DebianUnstable:~$ grep elogind /etc/pam.d/common-session
session optional pam_elogind.so
With that, when you login you should have a valid session:
test at DebianUnstable:~$ loginctl
SESSION UID USER SEAT TTY STATE IDLE SINCE
1 1000 test seat0 - active no -
c1 105 lightdm seat0 - closing no -
2 sessions listed.
and that session can be used to gain privs (you might need to install pkexec)
test at DebianUnstable:~$ pkexec id
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ====
Authentication is needed to run `/usr/bin/id' as the super user
Authenticating as: Test User,,, (test)
Password:
==== AUTHENTICATION COMPLETE ====
uid=0(root) gid=0(root) groups=0(root)
All lightdm and xfce hibernate/restart/shutdown options are available and functional.
Which steps give you different results?
Mark
More information about the Debian-init-diversity
mailing list