Bug 1182554 - cannot start greetd.service .... missing PAM module
cannot start greetd.service .... missing PAM module
Status: NEW
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Current
x86-64 openSUSE Tumbleweed
: P5 - None : Enhancement (vote)
: ---
Assigned To: Denys Kondratenko
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-02-22 10:16 UTC by Matej Cepl
Modified: 2022-09-23 11:21 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
journalctl -xb output (457.32 KB, text/plain)
2021-02-22 10:16 UTC, Matej Cepl
Details
journalctl -b output (190.02 KB, text/plain)
2021-03-26 12:43 UTC, Matej Cepl
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matej Cepl 2021-02-22 10:16:13 UTC
Created attachment 846366 [details]
journalctl -xb output

When trying to replace gdm with greetd following the steps on https://en.opensuse.org/Portal:OpenSUSEway, greetd fails to start and journal shows:

úno 22 09:38:10 stitny greetd[2347]: error: PAM 'greetd' service missing

When looking around, there is the file /usr/etc/pam.d/greetd with this content:

~@stitny$ cat /usr/etc/pam.d/greetd
#%PAM-1.0
auth     requisite      pam_nologin.so
auth     include        common-auth
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  optional       pam_keyinit.so force revoke
session  include        common-session
~@stitny$

but I have still /etc/pam.d/ as well and there is no greetd file. Which one is used?
Comment 1 Denys Kondratenko 2021-02-22 10:21:59 UTC
yes, I know about that issue, workaround described here:
https://github.com/openSUSE/openSUSEway/issues/33
Comment 2 Denys Kondratenko 2021-02-22 10:33:12 UTC
`sudo ln -s /usr/etc/pam.d/greetd /etc/pam.d/greetd`
Comment 3 Matej Cepl 2021-02-22 17:51:25 UTC
Just FYI, the symlink helped this PAM problem, but still greetd didn’t came up anyway. I currently don’t have enough time to debug it, sorry, I will return to it later.
Comment 4 Denys Kondratenko 2021-02-22 17:54:11 UTC
(In reply to Matej Cepl from comment #3)
> Just FYI, the symlink helped this PAM problem, but still greetd didn’t came
> up anyway. I currently don’t have enough time to debug it, sorry, I will
> return to it later.

check what you have in config.toml, by default (if there is no openSUSEway) it has $TERM ... Tune config according to the system and greeter you want and it will work.
Comment 5 Matej Cepl 2021-03-24 14:57:49 UTC
(In reply to Denys Kondratenko from comment #4)
> check what you have in config.toml, by default (if there is no openSUSEway)
> it has $TERM ... Tune config according to the system and greeter you want
> and it will work.

Default which comes with the package (no openSUSEway package):

etc@stitny$ cat greetd/config.toml
[terminal]
# The VT to run the greeter on. Can be "next", "current" or a number
# designating the VT.
vt = 1

# The default session, also known as the greeter.
[default_session]

# `agreety` is the bundled agetty/login-lookalike. You can replace `$SHELL`
# with whatever you want started, such as `sway`.
command = "agreety --cmd $SHELL"

# The user to run the command as. The privileges this user must have depends
# on the greeter. A graphical greeter may for example require the user to be
# in the `video` group.
user = "greeter"
etc@stitny$
Comment 6 Matej Cepl 2021-03-24 15:03:23 UTC
And no, I don't want to install openSUSEway as long as it installs imv mpv mtools vifm adwaita-qt5 on my system, which I don't want at all, and they have nothing to do with the disclosed purpose of the package.
Comment 7 Matej Cepl 2021-03-24 15:09:49 UTC
And vim! (as a happy user of neovim, I am especially allergic to those). What's so wrong with Suggests:?
Comment 8 Denys Kondratenko 2021-03-24 17:06:55 UTC
Hi Matej,

so here is your issue:

> command = "agreety --cmd $SHELL"

$SHELL needs to be definer or just replace it. Or better use some other greeter for your taste:
https://man.sr.ht/~kennylevinsen/greetd/

I also reported issue here, to maybe fix it in some future:
https://github.com/openSUSE/openSUSEway/issues/37

but those settings are defaults from upstream.

Thanks,
Denys
Comment 9 Matej Cepl 2021-03-25 09:48:54 UTC
(In reply to Denys Kondratenko from comment #8)
> I also reported issue here, to maybe fix it in some future:
> https://github.com/openSUSE/openSUSEway/issues/37

Except that this is a bug in sway not openSUSEway, isn't it?
Comment 10 Denys Kondratenko 2021-03-25 10:01:03 UTC
(In reply to Matej Cepl from comment #9)
> (In reply to Denys Kondratenko from comment #8)
> > I also reported issue here, to maybe fix it in some future:
> > https://github.com/openSUSE/openSUSEway/issues/37
> 
> Except that this is a bug in sway not openSUSEway, isn't it?

sure, but I maintain both, and just tracking it there along with other greetd issues.
greetd is default login manager for the opensuseway
Comment 11 Matej Cepl 2021-03-26 12:43:52 UTC
Created attachment 847697 [details]
journalctl -b output

OK, back to this bug. I have tried with my modified openSUSEway (https://build.opensuse.org/request/show/881393 , could you take a look, please?), and gtkgreetd still crashes, so I had to return to gdm once again.

I am thinking now about these lines:

Mar 26 13:26:20 stitny dbus-daemon[2134]: [session uid=448 pid=2134] Activating service name='org.freedesktop.secrets' requested by ':1.6' (uid=448 pid=2158 comm="/usr/libexec/xdg-desk
top-portal " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
Mar 26 13:26:20 stitny org.freedesktop.secrets[2250]: gnome-keyring-daemon: insufficient process capabilities, insecure memory might get used
Mar 26 13:26:20 stitny gnome-keyring-daemon[2250]: couldn't access control socket: /run/user/448/keyring/control: Adresář nebo soubor neexistuje
Mar 26 13:26:20 stitny gnome-keyring-d[2250]: couldn't access control socket: /run/user/448/keyring/control: Adresář nebo soubor neexistuje

and

Mar 26 13:26:31 stitny login[2299]: gkr-pam: unable to locate daemon control file
Mar 26 13:26:31 stitny login[2299]: gkr-pam: stashed password to try later in open session

("Adresář nebo soubor neexistuje" means obviously "Directory or file doesn't exist")

Any idea, what to do?
Comment 12 Denys Kondratenko 2021-03-26 13:20:49 UTC
(In reply to Matej Cepl from comment #11)
> Created attachment 847697 [details]
> journalctl -b output
> 
> OK, back to this bug. I have tried with my modified openSUSEway
> (https://build.opensuse.org/request/show/881393 , could you take a look,
> please?), and gtkgreetd still crashes, so I had to return to gdm once again.
> 

I will check it during the weekend. There is something that we require still as pamixer:
https://github.com/openSUSE/openSUSEway/blob/master/.config/sway/config.d/50-openSUSE.conf

But I will check everything else later.

> I am thinking now about these lines:
> 
> Mar 26 13:26:20 stitny dbus-daemon[2134]: [session uid=448 pid=2134]
> Activating service name='org.freedesktop.secrets' requested by ':1.6'
> (uid=448 pid=2158 comm="/usr/libexec/xdg-desk
> top-portal " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
> Mar 26 13:26:20 stitny org.freedesktop.secrets[2250]: gnome-keyring-daemon:
> insufficient process capabilities, insecure memory might get used
> Mar 26 13:26:20 stitny gnome-keyring-daemon[2250]: couldn't access control
> socket: /run/user/448/keyring/control: Adresář nebo soubor neexistuje
> Mar 26 13:26:20 stitny gnome-keyring-d[2250]: couldn't access control
> socket: /run/user/448/keyring/control: Adresář nebo soubor neexistuje
> 

I have the same, but without label:
> label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"


> and
> 
> Mar 26 13:26:31 stitny login[2299]: gkr-pam: unable to locate daemon control
> file
> Mar 26 13:26:31 stitny login[2299]: gkr-pam: stashed password to try later
> in open session
> 
> ("Adresář nebo soubor neexistuje" means obviously "Directory or file doesn't
> exist")

I have the same.

> 
> Any idea, what to do?
nope, I was too lazy to figure out.

What I see in the log that does matter:
> Mar 26 13:26:20 stitny greetd[2086]: error: check_children: greeter exited without creating a session
> Mar 26 13:26:20 stitny systemd-logind[1617]: Session 1 logged out. Waiting for processes to exit.

Could you please share your config files in `/etc/greetd` ?
Probably your script or command fails and greeter exits, or something...

I actually seen that error before, when was packaging tuigreet:
https://github.com/apognu/tuigreet/issues/7
Comment 13 Matej Cepl 2021-03-26 22:31:28 UTC
(In reply to Denys Kondratenko from comment #12)
> But I will check everything else later.

Thanks.

> I have the same, but without label:
> > label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"

Damn! I forgot! I have switched on SELinux, and I see in ausearch there are soem issues. I will take a look at it next week (I am on PTO for next three weeks).

> Could you please share your config files in `/etc/greetd` ?
> Probably your script or command fails and greeter exits, or something...

stitny:~# for f in /etc/greetd/* ; do echo $f ; cat $f ; echo '===============' ; done
/etc/greetd/config.toml
[terminal]
# The VT to run the greeter on. Can be "next", "current" or a number
# designating the VT.
vt = 1

# The default session, also known as the greeter.
[default_session]

# `agreety` is the bundled agetty/login-lookalike. You can replace `$SHELL`
# with whatever you want started, such as `sway`.
#
command = "sway --config /etc/greetd/sway-config"

# The user to run the command as. The privileges this user must have depends
# on the greeter. A graphical greeter may for example require the user to be
# in the `video` group.
user = "greeter"
===============
/etc/greetd/config.toml.way
[terminal]
# The VT to run the greeter on. Can be "next", "current" or a number
# designating the VT.
vt = 1

# The default session, also known as the greeter.
[default_session]

# `agreety` is the bundled agetty/login-lookalike. You can replace `$SHELL`
# with whatever you want started, such as `sway`.
#
command = "sway --config /etc/greetd/sway-config"

# The user to run the command as. The privileges this user must have depends
# on the greeter. A graphical greeter may for example require the user to be
# in the `video` group.
user = "greeter"
===============
/etc/greetd/environments
sway-run.sh
bash
===============
/etc/greetd/sway-config
exec "gtkgreet -l; swaymsg exit"

bindsym Mod4+shift+e exec swaynag \
	-t warning \
	-m 'What do you want to do?' \
	-b 'Poweroff' 'systemctl poweroff' \
	-b 'Reboot' 'systemctl reboot'

#include /etc/sway/config.d/*
===============
stitny:~#

I think it is untouched content of openSUSEway.
Comment 14 Denys Kondratenko 2021-03-29 08:13:56 UTC
(In reply to Matej Cepl from comment #13)
> (In reply to Denys Kondratenko from comment #12)
> > But I will check everything else later.
> 
> Thanks.
> 
> > I have the same, but without label:
> > > label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
> 
> Damn! I forgot! I have switched on SELinux, and I see in ausearch there are
> soem issues. I will take a look at it next week (I am on PTO for next three
> weeks).
> 

yeah, maybe there is some issue with it.

> /etc/greetd/environments
> sway-run.sh
> bash

and you have sway-run.sh ? Does it also fails if you choose bash ?
Could you please try to choose bash and if it works just run sway-run.sh ?

> 
> I think it is untouched content of openSUSEway.
ah, so you installed openSUSEway, cool.

If that wouldn't work for you, could you please try to spin VM and try to reproduce the issue ?
Comment 15 Matej Cepl 2021-03-30 20:52:56 UTC
BTW, this doesn't look correct either:

gdm-autologin
6:auth     optional       pam_gnome_keyring.so

common-session-pc
37:session	optional	pam_gnome_keyring.so	auto_start only_if=gdm,gdm-password,lxdm,lightdm,mdm,sddm

common-session
37:session	optional	pam_gnome_keyring.so	auto_start only_if=gdm,gdm-password,lxdm,lightdm,mdm,sddm

common-password-pc
31:password	optional	pam_gnome_keyring.so	use_authtok

common-password
31:password	optional	pam_gnome_keyring.so	use_authtok

common-auth
33:auth	optional	pam_gnome_keyring.so

common-auth-pc
33:auth	optional	pam_gnome_keyring.so
stitny:pam.d#

(notice "only_if=gdm,*")