I am running Ubuntu 14.04.3 32bit OS. A few months ago I wanted to install QTCAM from source which
it requires systemd library files.
As you know 14.04 Ubuntu doesn't use systemd yet, so, as the author said
I compiled and installed systemd218 version of it.
I set prefix a local path not to mess up system configuration. I compiled and installed it.
On the next boot it failed to log in to default user session. It failed to gain access to ~/.cache directory.
When I remove it by logging in to text mode then I can log in to default user session.
After logging in I tried many things to fix it. I did sudo make uninstall
from systemd218 source folder hoping that it would roll back the changes but nothing happened.
I reinstalled all pam related packages.
I ran sudo pam-auth-update to fix authorization problems.
I visited many forums and read bug reports. Though my problem stemmed from a known reason, I met many similar symptoms without a common fix.
I found shared libraries installed by systemd218 in systemd218 source directory like
find -name *.so
./.libs/id128.so
./.libs/_journal.so
./.libs/_reader.so
./.libs/libgudev-1.0.so
./.libs/_daemon.so
./.libs/login.so
./.libs/libsystemd.so
./.libs/pam_systemd.so
./.libs/libudev.so
and reinstalled every package contains those from synaptic.
I also located conf files, they are lots.
find -name *.conf
./sysusers.d/basic.conf
./sysusers.d/systemd.conf
./sysusers.d/systemd-remote.conf
./src/timesync/timesyncd.conf
./src/core/org.freedesktop.systemd1.conf
./src/core/system.conf
./src/core/user.conf
./src/journal-remote/journal-upload.conf
./src/journal-remote/journal-remote.conf
./src/resolve/org.freedesktop.resolve1.conf
./src/resolve/resolved.conf
./src/locale/org.freedesktop.locale1.conf
./src/login/logind.conf
./src/login/org.freedesktop.login1.conf
./src/hostname/org.freedesktop.hostname1.conf
./src/bootchart/bootchart.conf
./src/udev/udev.conf
./src/journal/coredump.conf
./src/journal/journald.conf
./src/machine/org.freedesktop.machine1.conf
./src/timedate/org.freedesktop.timedate1.conf
./test/bus-policy/hello.conf
./test/bus-policy/methods.conf
./test/bus-policy/test.conf
./test/bus-policy/signals.conf
./test/bus-policy/check-own-rules.conf
./test/bus-policy/ownerships.conf
./test/bus-policy/many-rules.conf
./sysctl.d/50-default.conf
./sysctl.d/50-coredump.conf
./factory/etc/nsswitch.conf
./tmpfiles.d/var.conf
./tmpfiles.d/etc.conf
./tmpfiles.d/x11.conf
./tmpfiles.d/systemd-nologin.conf
./tmpfiles.d/tmp.conf
./tmpfiles.d/systemd.conf
./tmpfiles.d/legacy.conf
./tmpfiles.d/systemd-remote.conf
Most important ones must be udev rules. I think one of them broke my system.
find -name *.rules
./src/login/71-seat.rules
./src/login/73-seat-late.rules
./src/login/70-uaccess.rules
./src/login/70-power-switch.rules
./src/vconsole/90-vconsole.rules
./rules/60-persistent-serial.rules
./rules/60-persistent-alsa.rules
./rules/80-net-setup-link.rules
./rules/61-accelerometer.rules
./rules/50-udev-default.rules
./rules/60-persistent-input.rules
./rules/80-drivers.rules
./rules/60-persistent-storage-tape.rules
./rules/75-probe_mtd.rules
./rules/75-tty-description.rules
./rules/70-mouse.rules
./rules/60-cdrom_id.rules
./rules/95-udev-late.rules
./rules/60-drm.rules
./rules/42-usb-hid-pm.rules
./rules/75-net-description.rules
./rules/99-systemd.rules
./rules/60-persistent-v4l.rules
./rules/60-keyboard.rules
./rules/64-btrfs.rules
./rules/60-persistent-storage.rules
./rules/78-sound-card.rules
It has many other symptomps such as:
- Gui applications don't prompt elavated privileges to enter password.
For example when I click account type -> change button in
users-adminwindow nothing happens ( gksu runs OK) - Nautilus doesn't mount partitions when I click them on the device list. I get "Not authorized to perform operation" error.
- Lightdm background image can not update according to user wallpaper.
- When I click nm-applet info section I get "No active connections found" error, though network connects automatically.
I can not reboot without root privileges which must reboot without
sudowith following command :dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Restart
I get
org.freedesktop.ConsoleKit.Manager.NotPrivileged: Not Authorized error.
I like my desktop session, I don't want to reinstall whole system. Though it's uncomfortable to enter root privileges to run some applications, I can live with it if one of the smart guys doesn't find a solution.
EDIT:
dpkg -l | grep 'pol.*kit'
ii gir1.2-polkit-1.0 0.105-4ubuntu3.14.04.1 i386 GObject introspection data for PolicyKit
ii libpolkit-agent-1-0:i386 0.105-4ubuntu3.14.04.1 i386 PolicyKit Authentication Agent API
ii libpolkit-backend-1-0:i386 0.105-4ubuntu3.14.04.1 i386 PolicyKit backend API
ii libpolkit-gobject-1-0:i386 0.105-4ubuntu3.14.04.1 i386 PolicyKit Authorization API
ii libpolkit-qt-1-1 0.103.0-1ubuntu1 i386 PolicyKit-qt-1 library
ii plainbox-secure-policy 0.5.3-2 all policykit policy required to use plainbox (secure version)
ii policykit-1 0.105-4ubuntu3.14.04.1 i386 framework for managing administrative policies and privileges
ii policykit-1-gnome 0.105-1ubuntu4 i386 GNOME authentication agent for PolicyKit-1
ii policykit-desktop-privileges 0.17 all run common desktop actions without password
EDIT2: As Steeldriver intuitively led me on the right path
/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
fails to start:
/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
(polkit-gnome-authentication-agent-1:10331): Gtk-WARNING **: Theme parsing error: unity.css:111:9: 'shade' is not a valid property name
(polkit-gnome-authentication-agent-1:10331): polkit-gnome-1-WARNING **: Unable to determine the session we are in: No session for pid 10331
I use lightdm display manager and gnome-cairo-dock session.
I tried running exec gnome-session & in terminal which gives me more clues.
I got following output :
(gnome-session:23129): Gtk-WARNING **: Theme parsing error: unity.css:111:9: 'shade' is not a valid property name
(gnome-session-check-accelerated:23133): Gtk-WARNING **: Theme parsing error: unity.css:111:9: 'shade' is not a valid property name
gnome-session[23129]: WARNING: Could not get session id for session. Check that logind is properly installed and pam_systemd is getting used at login.
EDIT:3
I add /etc/pam.d/* files. I thought sudo pam-auth-update --force would fix the pam configuration but when I modify umask=0022 to umask=022 in /etc/pam.d/common-session it did not notice the modification, and issued no warning.
$ grep '^[^#]' /etc/pam.d/common-auth | sed 's/^/ /'
auth [success=3 default=ignore] pam_unix.so nullok_secure
auth [success=2 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass
auth requisite pam_deny.so
auth sufficient pam_usb.so
auth required pam_permit.so
auth optional pam_mount.so
auth optional pam_smbpass.so migrate
auth optional pam_cap.so
$ grep '^[^#]' /etc/pam.d/common-account | sed 's/^/ /'
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so
account requisite pam_deny.so
account required pam_permit.so
account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] pam_ldap.so minimum_uid=1000
$ grep '^[^#]' /etc/pam.d/common-session | sed 's/^/ /'
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so umask=0022
session required pam_unix.so try_first_pass nullok_secure
session required pam_unix.so
session optional pam_winbind.so
session optional pam_mount.so
session [success=ok default=ignore] pam_ldap.so minimum_uid=1000
session optional pam_systemd.so
session optional pam_ck_connector.so nox11
$ grep '^[^#]' /etc/pam.d/common-password | sed 's/^/ /'
password [success=3 default=ignore] pam_unix.so obscure sha512
password [success=2 default=ignore] pam_winbind.so use_authtok try_first_pass
password [success=1 default=ignore] pam_ldap.so minimum_uid=1000 try_first_pass
password requisite pam_deny.so
password required pam_permit.so
password optional pam_smbpass.so nullok use_authtok use_first_pass
password optional pam_gnome_keyring.so
Symptoms and proposed solutions are almost identical to this bug
one of the guys there claims that appending
session required pam_loginuid.so
session required pam_systemd.so
lines to /etc/pam.d/lightdm fixes the bug. I tried it but it breaks lightdm, I even could not login with it.
$ grep '^[^#]' /etc/pam.d/lightdm | sed 's/^/ /'
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth optional pam_gnome_keyring.so
auth optional pam_kwallet.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
session optional pam_kwallet.so auto_start
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
@include common-password
EDIT:4
Today when I saw udev and systemd updates in package I thought I was blessed thinking that update would fix the problem, but unfortunately nothing changed.
Here are the updated packages:
gir1.2-gudev-1.0 (1:204-5ubuntu20.17) to 1:204-5ubuntu20.18
libgudev-1.0-0 (1:204-5ubuntu20.17) to 1:204-5ubuntu20.18
libgudev-1.0-dev (1:204-5ubuntu20.17) to 1:204-5ubuntu20.18
libpam-systemd (204-5ubuntu20.17) to 204-5ubuntu20.18
libsystemd-daemon-dev (204-5ubuntu20.17) to 204-5ubuntu20.18
libsystemd-daemon0 (204-5ubuntu20.17) to 204-5ubuntu20.18
libsystemd-id128-0 (204-5ubuntu20.17) to 204-5ubuntu20.18
libsystemd-id128-dev (204-5ubuntu20.17) to 204-5ubuntu20.18
libsystemd-journal0 (204-5ubuntu20.17) to 204-5ubuntu20.18
libsystemd-login-dev (204-5ubuntu20.17) to 204-5ubuntu20.18
libsystemd-login0 (204-5ubuntu20.17) to 204-5ubuntu20.18
libudev-dev (204-5ubuntu20.17) to 204-5ubuntu20.18
libudev1 (204-5ubuntu20.17) to 204-5ubuntu20.18
python-systemd (204-5ubuntu20.17) to 204-5ubuntu20.18
systemd-services (204-5ubuntu20.17) to 204-5ubuntu20.18
udev (204-5ubuntu20.17) to 204-5ubuntu20.18
So, what might be the problem?
EDIT:5
Today I noticed that after the problem arose when I tried to set more permissive authorship I wrongly messed up the ownership in /etc/polkit-1/localauthority I issued sudo chown -R 777 /etc/polkit-1 instead of sudo chmod -R 755 /etc/polkit-1 . I set it to sudo chown root:root -R /etc/polkit-1 today.
By the way I noticed that /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 is not that important. I even removed the package that contains it ( policykit-1-gnome ). I tested if it did any change, nothing changed. Then I removed consolekit to see the function of it, when I removed it apt-get reinstalled policykit-1-gnome, berevity of consolekit has no effect on solving the authentication problem I have too.
I don't know if it's important, here is the pam-auth-update list:
│ [*] Unix authentication
│ [*] Winbind NT/Active Directory authentication
│ [*] Mount volumes for user
│ [*] LDAP Authentication
│ [*] Register user sessions in the systemd control group hierarchy
│ [*] SMB password synchronization
│ [*] GNOME Keyring Daemon - Login keyring management
│ [*] ConsoleKit Session Management
│ [*] Inheritable Capabilities Management
EDIT:6
I am beginning to think that it has nothing to do with my modification to file system. I noticed that upstart job is not running. May it be related to upstart -> systemd transition of init process?
Because
echo $UPSTART_SESSION
and
initctl list-sessions
returns empty string.
I wonder how my system boots up?
