Bug 36686

Summary: as root "su <user> -c ls" exits with su: System error
Product: systemd Reporter: Alban Browaeys <prahal>
Component: generalAssignee: Lennart Poettering <lennart>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: Fix pam su exit error

Description Alban Browaeys 2011-04-29 09:54:43 UTC 
Created attachment 46159 [details] [review]
Fix pam su exit error

The are various issue with cgroups in the pam module as is when su is involved and started from root then switched to a lower access account.
This patch fixes those: ie /user/.pam-systemd-lock access, permissions of cgroups items and intermediate cgroups "directories" to allow them to be removed at the end of the session.
It needs review though I tested it on debian for the last few monthes (quality side).
Any questions or comments welcomed (I need to refresh my insights of this code I made monthes ago but sadly did not send to the bug tracker sooner)
Comment 1 Lennart Poettering 2011-04-29 15:53:30 UTC 
Your su implementation is broken, if it does not run the session close hooks as privileged user.

Which one are you using?

We are using the one from coreutils, which gets this right.
Comment 2 Alban Browaeys 2011-09-01 19:41:31 UTC 
(In reply to comment #1)
> Your su implementation is broken, if it does not run the session close hooks as
> privileged user.
> 
> Which one are you using?
> 
> We are using the one from coreutils, which gets this right.

the "shadow" one (ie from login package on debian).

sorry for the lag.
Comment 3 Lennart Poettering 2012-07-20 15:05:26 UTC 
We don't use lock files in pam_systemd anymore, so I assume this bug is fixed for good.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.