Am 2017-08-27 11:23, schrieb Ritesh Raj Sarraf:
On Sun, 2017-08-13 at 07:17 +0200, Jakobus Schürz wrote:
I have some systemd --user services from other packages.
The units are located in /etc/systemd/user/ or /usr/lib/systemd/user/
and enabled on installing.
When a daemon uses su or sudo on debian, it starts a service
user@$UID.service which is a systemd-daemon for the user-session.
This
sessions are normally not started for Daemons with UID below 1000
(except Debian-gdm).
I asked on the systemd-mailinglist, whats the problem, because
sometimes
leafnode starts an user-session (and with this the user-services
which are
thought for login-users with UID greater-equal 1000).
They told me, there must be the use of su or sudo in some scripts
from
the daemon.
I looked around and found, that there is su used in
/etc/cron.daily/leafnode
Just change from su to runuser, the cronjob also does his job, but
without invoking pam_systemd!
You find my changes below to use runuser instead of su, which solves
the
problems comming from the su-command.
Your original command is commented below my new line.
Hello,
In its current form, leafnode is invoked through inetd. Are you saying
that there is an issue with Debian Stretch + Systemd + leafnode/inted ?
Hi!
I wrote a socket-Unit for systemd, because I don't use inetd.
But that's not the point. It's the cronjob in /etc/cron.daily/leafnode,
which makes a Problem using su.
su invokes a whole User-Session via pam-systemd.
And you can change su to runuser (which is made out of the code from su
to avoid some Problems using su, especially this one), and do the same
job in cron.daily.
A sesseion invoked by su and pam-systemd starts to create xdg-userdirs
in the $HOME for leafnode (/var/lib/leafnode) and starts systemd --user
services, which are only made for Login-Users wiht UID above 1000 (Real
Users...)
In my bugreport you can find the changed code with runuser instead of
su, which works for me. runuser is part of util-linux since version 2.23
or so... a very long time. (2013...)
You can find an answer here:
https://unix.stackexchange.com/questions/269254/why-does-util-linux-runuser-su-fork
"Unlike su, IMO, runuser is made to be used in scripts (so never ask for
password, handle error status better, and also separate signals handling
(new session) from caller"
Would you be so pleasant, to test this and even fix it from su to
runuser?
Regards
Jakob
