On Mon, May 6, 2013 at 2:44 PM, Kai Krakow <hurikha...@gmail.com> wrote:
> Hey list,
>
> I've built a server with systemd and it really worked out well. Fast booting
> (that means shorter maintenance times) and most important: Reliable service
> teardown and auto-restarts of crashed services. And yeah, I love the
> journal. I'm logging everything there.
>
> But now I want to (and need to) give some users cron-like abilities. I
> discovered that systemd supports user instances - perfect!
>
> So I enabled a session service for one user (actually, that's me):
>
> # sudo systemctl enable user@kakra.service
>
> But I cannot start it, and the user can neither. Starting it states in the
> journal:
>
> # sudo systemctl start user@kakra.service
>
> May 06 23:35:00 vweb002.jugendinfo.de systemd[1]: Starting User Manager for
> root...
> -- Subject: Unit user@kakra.service has begun with start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit user@kakra.service has begun starting up.
> May 06 23:35:00 vweb002.jugendinfo.de systemd[4438]: Failed at step PAM
> spawning /usr/lib/systemd/systemd: Operation not permitted
> -- Subject: Process /usr/lib/systemd/systemd could not be executed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- Documentation:
> http://www.freedesktop.org/wiki/Software/systemd/catalog/641257651c1b4ec9a8624d7a40a9e1e7
> --
> -- The process /usr/lib/systemd/systemd could not be executed and failed.
> --
> -- The error number returned while executing this process is 1.
> May 06 23:35:00 vweb002.xxxxxx.de systemd[1]: Started User Manager for root.
> -- Subject: Unit user@kakra.service has finished start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit user@kakra.service has finished starting up.
> --
> -- The start-up result is done.
>
> Why does it say "Starting user manager for root" (and not my username) and
> why does it fail with pam? If I start "systemd --user &", then I can enable
> and run the user services defined in .config/systemd.
>
> The server is running Gentoo with systemd-201. Here's the systemd unit:
>
> kakra@vweb002 ~ $ cat /etc/systemd/system/user\@kakra.service
> # This file is part of systemd.
> #
> # systemd is free software; you can redistribute it and/or modify it
> # under the terms of the GNU Lesser General Public License as published by
> # the Free Software Foundation; either version 2.1 of the License, or
> # (at your option) any later version.
>
> [Unit]
> Description=User Manager for %u
> After=systemd-user-sessions.service
>
> [Service]
> User=%I
> PAMName=systemd-shared

^^ this line is the cause of your problems, as the
/etc/pam.d/systemd-shared file does not exist.

> # in order to allow MEM_CG features to work, add "memory:/" here
> ControlGroup=%R/user/%u/shared cpu:/
> ControlGroupModify=yes
> Type=notify
> ExecStart=-/usr/lib/systemd/systemd --user
> Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%U/dbus/user_bus_socket
>
> [Install]
> Alias=user@%i.service
>
>
> # as user:
> # systemctl start user@kakra.service
> Failed to issue method call: Access denied
>
>
> kakra@vweb002 ~ $ cat /etc/pam.d/system-auth
> auth required pam_env.so
> auth required pam_unix.so try_first_pass likeauth nullok
> auth optional pam_permit.so
>
> account required pam_unix.so
> account optional pam_permit.so
>
> password required pam_cracklib.so difok=2 minlen=8 dcredit=2
> ocredit=2 retry=3
> password required pam_unix.so try_first_pass use_authtok
> nullok sha512 shadow
> password optional pam_permit.so
>
> session required pam_limits.so
> session required pam_env.so
> session required pam_unix.so
> session optional pam_permit.so
>
> session optional pam_loginuid.so
> session optional pam_systemd.so

You can copy /etc/pam.d/login to /etc/pam.d/systemd-shared, and then
things should somewhat work.

Additionally, you may want to copy the dbus user session service files
from github.com/sofar/user-session-units to get user based dbus
services working.

Auke
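
An added example, not part of the original thread and not systemd's own code: a shell check for the failure diagnosed above, a unit whose PAMName= names a PAM service that has no file in the PAM directory. The function names, the directory arguments and the files created in demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report units whose PAMName= has no
# matching PAM service file. Names and arguments are illustrative assumptions.

# pam_names FILE: print every PAMName= value set in a unit file.
pam_names() {
    sed -n 's/^[[:space:]]*PAMName[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# missing_pam_services PAM_DIR UNIT_DIR...
# Prints one line per dangling reference; returns 1 if any was found.
missing_pam_services() {
    pam_dir=$1; shift
    rc=0
    for dir in "$@"; do
        for unit in "$dir"/*.service; do
            [ -f "$unit" ] || continue
            for name in $(pam_names "$unit"); do
                [ -f "$pam_dir/$name" ] && continue
                printf '%s: PAMName=%s but %s/%s is missing\n' \
                    "$unit" "$name" "$pam_dir" "$name"
                rc=1
            done
        done
    done
    return "$rc"
}

# Demo on constructed files in a temp dir (no system files are touched).
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/units" "$tmp/pam.d"
    printf '[Service]\nUser=%%I\nPAMName=systemd-shared\n' \
        > "$tmp/units/user@kakra.service"
    : > "$tmp/pam.d/login"                      # empty placeholder file
    echo "before:"
    missing_pam_services "$tmp/pam.d" "$tmp/units" || true
    cp "$tmp/pam.d/login" "$tmp/pam.d/systemd-shared"   # fix from the reply
    echo "after:"
    missing_pam_services "$tmp/pam.d" "$tmp/units" && echo "none missing"
    rm -rf "$tmp"
}
demo
```

On a real host the call would be `missing_pam_services /etc/pam.d /etc/systemd/system /usr/lib/systemd/system`. It only confirms that the file exists, not that the PAM stack inside it permits the session.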