Your message dated Sun, 10 Dec 2017 18:53:39 -0800
with message-id <871sk2ug98....@hope.eyrie.org>
and subject line Re: Bug#883347: systemd fails to load pam_unix.so when
spawning user.service
has caused the Debian Bug report #883347,
regarding systemd: pam_systemd(su:session): Failed to create session
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
883347: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883347
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: systemd
Version: 235-3
Severity: normal
Dear Maintainer,
-- Package-specific info:
-- BEGIN ATTACHMENTS --
/tmp/tmp.7PUo56QuH2/systemd-delta.txt
/tmp/tmp.7PUo56QuH2/systemd-analyze-dump.txt
/tmp/tmp.7PUo56QuH2/dsh-enabled.txt
/etc/fstab
-- END ATTACHMENTS --
After an upgrade two days ago, I get errors in system logs shortly after
midnight. I was not able to understand what program exactly has
problems, so I am not able to repsoduce this from the command line.
Since systemd is involved, I am filing a report for systemd.
Apparently, the PAM modules are looking in /lib/security to load
libraries, but that directory does not exist on my system.
Here is what I get in daemon.log:
Dec 6 00:08:25 tucano systemd[1]: Created slice User Slice of nobody.
Dec 6 00:08:25 tucano systemd[1]: Starting User Manager for UID 65534...
Dec 6 00:08:25 tucano systemd[1]: Started Session c41 of user nobody.
Dec 6 00:08:25 tucano systemd[28191]: PAM failed: Authentication failure
Dec 6 00:08:25 tucano systemd[28191]: user@65534.service: Failed to set up PAM
session: Operation not permitted
Dec 6 00:08:25 tucano systemd[28191]: user@65534.service: Failed at step PAM
spawning /lib/systemd/systemd: Operation not permitted
Dec 6 00:08:25 tucano systemd[1]: user@65534.service: Failed with result
'protocol'.
Dec 6 00:08:25 tucano systemd[1]: Failed to start User Manager for UID 65534.
Dec 6 00:08:25 tucano console-kit-daemon[6899]: console-kit-daemon[6899]:
GLib-CRITICAL: Source ID 3321 was not found when attempting to remove it
Dec 6 00:08:25 tucano console-kit-daemon[6899]: GLib-CRITICAL: Source ID 3321
was not found when attempting to remove it
Dec 6 00:08:25 tucano systemd[1]: Removed slice User Slice of nobody.
Dec 6 00:08:25 tucano systemd[1]: Created slice User Slice of nobody.
Dec 6 00:08:25 tucano systemd[1]: Starting User Manager for UID 65534...
Dec 6 00:08:25 tucano systemd[1]: Started Session c42 of user nobody.
Dec 6 00:08:25 tucano systemd[28222]: PAM failed: Authentication failure
Dec 6 00:08:25 tucano systemd[28222]: user@65534.service: Failed to set up PAM
session: Operation not permitted
Dec 6 00:08:25 tucano systemd[28222]: user@65534.service: Failed at step PAM
spawning /lib/systemd/systemd: Operation not permitted
Dec 6 00:08:25 tucano systemd[1]: user@65534.service: Failed with result
'protocol'.
Dec 6 00:08:25 tucano systemd[1]: Failed to start User Manager for UID 65534.
Dec 6 00:08:25 tucano systemd[1]: Removed slice User Slice of nobody.
Dec 6 00:08:25 tucano console-kit-daemon[6899]: console-kit-daemon[6899]:
GLib-CRITICAL: Source ID 3339 was not found when attempting to remove it
Dec 6 00:08:25 tucano console-kit-daemon[6899]: GLib-CRITICAL: Source ID 3339
was not found when attempting to remove it
Dec 6 00:08:25 tucano systemd[1]: Created slice User Slice of nobody.
Dec 6 00:08:25 tucano systemd[1]: Starting User Manager for UID 65534...
Dec 6 00:08:25 tucano systemd[1]: Started Session c43 of user nobody.
Dec 6 00:08:25 tucano systemd[28237]: PAM failed: Authentication failure
Dec 6 00:08:25 tucano systemd[28237]: user@65534.service: Failed to set up PAM
session: Operation not permitted
Dec 6 00:08:25 tucano systemd[28237]: user@65534.service: Failed at step PAM
spawning /lib/systemd/systemd: Operation not permitted
Dec 6 00:08:25 tucano systemd[1]: user@65534.service: Failed with result
'protocol'.
Dec 6 00:08:25 tucano systemd[1]: Failed to start User Manager for UID 65534.
and here is what I get in auth.log:
Dec 6 00:08:25 tucano su[28190]: Successful su for nobody by root
Dec 6 00:08:25 tucano su[28190]: + ??? root:nobody
Dec 6 00:08:25 tucano su[28190]: pam_unix(su:session): session opened for user
nobody by (uid=0)
Dec 6 00:08:25 tucano systemd-logind[2519]: New session c41 of user nobody.
Dec 6 00:08:25 tucano systemd: PAM unable to dlopen(pam_unix.so):
/lib/security/pam_unix.so: cannot open shared object file: No such file or
directory
Dec 6 00:08:25 tucano systemd: PAM adding faulty module: pam_unix.so
Dec 6 00:08:25 tucano systemd: PAM unable to dlopen(pam_cracklib.so):
/lib/security/pam_cracklib.so: cannot open shared object file: No such file or
directory
Dec 6 00:08:25 tucano systemd: PAM adding faulty module: pam_cracklib.so
Dec 6 00:08:25 tucano su[28190]: pam_systemd(su:session): Failed to create
session: Start job for unit user@65534.service failed with 'failed'
Dec 6 00:08:25 tucano su[28190]: pam_unix(su:session): session closed for user
nobody
Dec 6 00:08:25 tucano systemd-logind[2519]: Removed session c41.
Dec 6 00:08:25 tucano su[28205]: Successful su for nobody by root
Dec 6 00:08:25 tucano su[28205]: + ??? root:nobody
Dec 6 00:08:25 tucano su[28205]: pam_unix(su:session): session opened for user
nobody by (uid=0)
Dec 6 00:08:25 tucano systemd: PAM unable to dlopen(pam_unix.so):
/lib/security/pam_unix.so: cannot open shared object file: No such file or
directory
Dec 6 00:08:25 tucano systemd-logind[2519]: New session c42 of user nobody.
Dec 6 00:08:25 tucano systemd: PAM adding faulty module: pam_unix.so
Dec 6 00:08:25 tucano systemd: PAM unable to dlopen(pam_cracklib.so):
/lib/security/pam_cracklib.so: cannot open shared object file: No such file or
directory
Dec 6 00:08:25 tucano systemd: PAM adding faulty module: pam_cracklib.so
Dec 6 00:08:25 tucano su[28205]: pam_systemd(su:session): Failed to create
session: Start job for unit user@65534.service failed with 'failed'
Dec 6 00:08:25 tucano su[28205]: pam_unix(su:session): session closed for user
nobody
Dec 6 00:08:25 tucano systemd-logind[2519]: Removed session c42.
Dec 6 00:08:25 tucano su[28231]: Successful su for nobody by root
Dec 6 00:08:25 tucano su[28231]: + ??? root:nobody
Dec 6 00:08:25 tucano su[28231]: pam_unix(su:session): session opened for user
nobody by (uid=0)
Dec 6 00:08:25 tucano systemd: PAM unable to dlopen(pam_unix.so):
/lib/security/pam_unix.so: cannot open shared object file: No such file or
directory
Dec 6 00:08:25 tucano systemd: PAM adding faulty module: pam_unix.so
Dec 6 00:08:25 tucano systemd-logind[2519]: New session c43 of user nobody.
Dec 6 00:08:25 tucano systemd: PAM unable to dlopen(pam_cracklib.so):
/lib/security/pam_cracklib.so: cannot open shared object file: No such file or
directory
Dec 6 00:08:25 tucano systemd: PAM adding faulty module: pam_cracklib.so
Dec 6 00:08:25 tucano su[28231]: pam_systemd(su:session): Failed to create
session: Start job for unit user@65534.service failed with 'failed'
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (101, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8),
LANGUAGE=C:en_GB:en:en_US:it:fr:es (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd depends on:
ii adduser 3.116
ii libacl1 2.2.52-3+b1
ii libapparmor1 2.11.1-3
ii libaudit1 1:2.8.1-2
ii libblkid1 2.30.2-0.1
ii libc6 2.25-2
ii libcap2 1:2.25-1.1
ii libcryptsetup4 2:1.7.5-1
ii libgcrypt20 1.8.1-4
ii libgpg-error0 1.27-5
ii libidn11 1.33-2
ii libip4tc0 1.6.1-2+b1
ii libkmod2 24-1
ii liblz4-1 0.0~r131-2+b1
ii liblzma5 5.2.2-1.3
ii libmount1 2.30.2-0.1
ii libpam0g 1.1.8-3.6
ii libseccomp2 2.3.1-2.1
ii libselinux1 2.7-2
ii libsystemd0 235-3
ii mount 2.30.2-0.1
ii procps 2:3.3.12-3
ii util-linux 2.30.2-0.1
Versions of packages systemd recommends:
ii dbus 1.12.2-1
ii libpam-systemd 235-3
Versions of packages systemd suggests:
ii policykit-1 0.105-18
ii systemd-container 235-3
Versions of packages systemd is related to:
pn dracut <none>
ii initramfs-tools 0.130
ii udev 235-3
-- no debconf information
--- End Message ---
--- Begin Message ---
Michael Biebl <bi...@debian.org> writes:
> Am 02.12.2017 um 19:41 schrieb Russ Allbery:
>> Since upgrading a system to 235-3, all ssh connections are producing the
>> following syslog errors:
>> Dec 2 06:28:23 lothlorien systemd: PAM unable to dlopen(pam_unix.so):
>> /lib/security/pam_unix.so: cannot open shared object file: No such file or
>> directory
>> Dec 2 06:28:23 lothlorien systemd: PAM adding faulty module: pam_unix.so
>> Dec 2 06:28:23 lothlorien sshd[20758]: pam_systemd(sshd:session): Failed to
>> create session: Start job for unit user@999.service failed with 'failed'
>> Dec 2 06:28:23 lothlorien systemd[20760]: PAM failed: Authentication failure
>> Dec 2 06:28:23 lothlorien systemd[20760]: user@999.service: Failed to set
>> up PAM session: Operation not permitted
>> Dec 2 06:28:23 lothlorien systemd[20760]: user@999.service: Failed at step
>> PAM spawning /lib/systemd/systemd: Operation not permitted
>> Dec 2 06:28:23 lothlorien systemd[1]: user@999.service: Failed with result
>> 'protocol'.
>> Dec 2 06:28:23 lothlorien systemd[1]: Failed to start User Manager for UID
>> 999.
[...]
> systemd-logind.service was locked down further in v235. A diff of
> systemd-logind.service shows:
> +LockPersonality=yes
> +IPAddressDeny=any
> I'm not entirely sure if that is related, but you might try commenting
> those two lines out in /lib/systemd/system/systemd-logind.service and
> see if that makes a difference.
This problem went away entirely after a system reboot. I'm guessing
something didn't get restarted properly or failed to pick up paths during
various incremental upgrades without a reboot? In any event, now
everything is working fine.
--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
--- End Message ---
_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
