After installing plamsa desktop, I noticed that the user the system is running at does not have any groups available except for the default group. This is seriously crippling my system, cant mount disks, cant run virtual box, etc. I am not sure what is causing the problem. It could be plasma or sddm or consolekit or something I am not even aware of. Reproducible: Always Steps to Reproduce: 1. boot the system to a command line login prompt. 2. login 3. run `groups` and get some output: "adm lp wheel floppy uucp audio cdrom video games usb portage vmware scanner plugdev wireshark vboxusers www_fanquest android kvm users" 4. startx 5. load up any terminal (konsole/xterm) and run `groups` again and get: "users" that's it. 6. interesting that running `groups $(whoami)` produces the correct result. Starting plasma with `exec "/usr/bin/startkde"` in /etc/X11/Sessions/PLASMA-5 via /etc/env.d/90xsession. On a side note, ck-list-sessions was producing the wrong information again, so I removed the nox11 arg from the pam_ck_connector.so line in /etc/pam.d/system-login
Portage 2.2.20.1 (python 2.7.10-final-0, default/linux/amd64/13.0/desktop/plasma, gcc-4.9.3, glibc-2.21-r1, 4.2.0-gentoo-r1 x86_64) ================================================================= System uname: Linux-4.2.0-gentoo-r1-x86_64-Intel-R-_Core-TM-_i7_CPU_950_@_3.07GHz-with-gentoo-2.2 KiB Mem: 24688304 total, 5008916 free KiB Swap: 2000088 total, 2000088 free Timestamp of repository gentoo: Wed, 16 Sep 2015 13:45:01 +0000 sh bash 4.3_p42 ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1 app-shells/bash: 4.3_p42::gentoo dev-java/java-config: 2.2.0::gentoo dev-lang/perl: 5.22.0::gentoo dev-lang/python: 2.7.10::gentoo, 3.4.3::gentoo dev-util/cmake: 3.3.1-r1::gentoo dev-util/pkgconfig: 0.28-r3::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/openrc: 0.17::gentoo sys-apps/sandbox: 2.7::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r1::gentoo sys-devel/automake: 1.11.6-r1::gentoo, 1.14.1::gentoo, 1.15::gentoo sys-devel/binutils: 2.25.1-r1::gentoo sys-devel/gcc: 4.9.3::gentoo sys-devel/gcc-config: 1.8::gentoo sys-devel/libtool: 2.4.6-r1::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 4.2::gentoo (virtual/os-headers) sys-libs/glibc: 2.21-r1::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.us.gentoo.org/gentoo-portage priority: -1000 luman location: /var/lib/layman/luman masters: gentoo priority: 0 local_overlay location: /usr/local/portage masters: gentoo priority: 1 hasufell location: /var/lib/layman/hasufell masters: gentoo priority: 50 java location: /var/lib/layman/java masters: gentoo priority: 50 miramir location: /var/lib/layman/miramir masters: gentoo priority: 50 open-overlay location: /var/lib/layman/open-overlay masters: gentoo priority: 50 proaudio location: /var/lib/layman/proaudio masters: gentoo priority: 50 science location: /var/lib/layman/science masters: gentoo priority: 50 steam-overlay location: /var/lib/layman/steam-overlay masters: gentoo priority: 50 torbrowser location: /var/lib/layman/torbrowser masters: gentoo priority: 50 tox-overlay location: /var/lib/layman/tox-overlay masters: gentoo priority: 50 wtk location: /var/lib/layman/wtk masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -fomit-frame-pointer -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="${CONFIG_PROTECT} /etc /etc/idea/conf /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-2.2/conf /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps=y" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j10" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac acl acpi alsa amd64 amr berkdb branding bzip2 cairo cdda cddb cdr cifs cli consolekit cracklib crypt cups curl custom-cflags cxx dbus declarative dri dts dvd dvdr emboss encode exif faac fam ffmpeg firefox flac fortran ftp gdbm gif glamor gnutls gpm gsm gstreamer gtk hal iconv icu ipv6 jpeg kde kipi lame lcms libnotify lm_sensors lto lzma mad mmx mmxext mng modules mozilla mp3 mp4 mpeg multilib musepack mysql ncurses networkmanager nfs nls nptl nptlonl nsplugin offensive ogg openal opengl openmp opus pam pango pcre pdf phonon pic plasma png policykit popcnt ppds python3 qml qt3support qt4 qt5 rar rdesktop rdp readline samba sdl seccomp session speex spell sqlite sse sse2 sse3 sse4 sse4_1 sse4_2 ssl ssse3 startup-notification steamgames_source_engine svg system-sqlite tcpd theora threads tiff truetype udev udisks unicode upower usb v4l vaapi vdpau vnc vorbis vpx wavpack widgets wxwidgets x264 xcb xcomposite xinerama xml xscreensaver xv xvid xvmc zip zlib" ABI_X86="64 32" ALSA_CARDS="hda-intel" APACHE2_MODULES="access_compat actions alias auth_basic authn_core authz_core authz_host autoindex dir env filter log_config mime negotiation rewrite setenvif unique_id unixd" APACHE2_MPMS="prefork" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_US" NETBEANS_MODULES="apisupport cnd dlight harness ide java nb php profiler websvccommon" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-4 php5-6" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21 ruby22" SANE_BACKENDS="artec_eplus48u" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" USE_PYTHON="2.7 3.4" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
starting with xdm did no resolve the problem.
(In reply to Alex Barker from comment #2) > starting with xdm did no resolve the problem. When you say xdm, do you mean x11-apps/xdm, or some other (which?) display manager launched via /etc/init.d/xdm?
(In reply to Michael Palimaka (kensington) from comment #3) > (In reply to Alex Barker from comment #2) > > starting with xdm did no resolve the problem. > > When you say xdm, do you mean x11-apps/xdm, or some other (which?) display > manager launched via /etc/init.d/xdm? Hi, I mean /etc/init.d/xdm with sddm. I have tried to start plasma with `exec ck-launch-session dbus-launch --sh-syntax --exit-with-session "/usr/bin/startkde"` via xinitrc but that doesn't help either. It does make ck-list-sessions return nothing which I thought was strange. If I start via other methods ck-list-sessions does return information that suggests consolekit is broken. /etc/init.d/consolekit shows its stopped, but ps states that its crashed out but still running. Restarting consolekit does not help.
This is still an on going issue. console kit seems to be having issues handing off the session. When I boot to the terminal and run /etc/init.d/consolekit status it says stopped, but when I try to start it, it compiles that its already running. Running ps reports: root 2112 0.0 0.0 407508 5120 ? Ssl 07:41 0:00 /usr/sbin/console-kit-daemon I disabled console kit at start but it still starts for some reason: $rc-update NetworkManager | default acpid | default alsasound | boot apache2 | default binfmt | boot bootmisc | boot cupsd | default dbus | default devfs | sysinit dmesg | sysinit fsck | boot hostname | boot hwclock | boot keymaps | boot killprocs | shutdown kmod-static-nodes | sysinit lm_sensors | default local | default nonetwork localmount | boot loopback | boot modules | boot mount-ro | shutdown mtab | boot mysql | default net.lo | boot netmount | default ntpd | default numlock | default procfs | boot root | boot rpc.statd | default samba | default savecache | shutdown sshd | default swap | boot swapfiles | boot sysctl | boot sysfs | sysinit syslog-ng | default termencoding | boot tmpfiles.dev | sysinit tmpfiles.setup | boot udev | sysinit udev-trigger | sysinit urandom | boot vixie-cron | default Normally ck-list-sessions lists two sessions, but if I kill consolekit and restart it before starting X, it seems to set the session correctly, but my user still has no console permissions. $ ck-list-sessions Session1: unix-user = '1000' realname = '(null)' seat = 'Seat1' session-type = '' active = TRUE x11-display = ':0' x11-display-device = '/dev/tty7' display-device = '/dev/tty1' remote-host-name = '' is-local = TRUE on-since = '2015-10-12T14:42:07.586635Z' login-session-id = '2' Tried starting kde with exec ck-launch-session dbus-launch --sh-syntax --exit-with-session "/usr/bin/startkde" in my .xinitrc and the problem continues.
Alright this bug has been tracked down to an upstream bug that does not have a bug number as of yet. The work around is to remove setuid root on /usr/lib64/libexec/kf5/start_kdeinit. The code in question is here: http://lxr.kde.org/source/frameworks/kinit/src/start_kdeinit/start_kdeinit.c#0129
How did it get there in the first place? No setuid root on that file on my systems.
Please show us the output of `ls -l /etc/pam.d/kde*`.
(In reply to Andreas Sturmlechner from comment #7) > How did it get there in the first place? No setuid root on that file on my > systems. I have no idea. I just installed plasma through a portage update and all hell broke loose. (In reply to Andreas Sturmlechner from comment #8) > Please show us the output of `ls -l /etc/pam.d/kde*`. $ ls -l /etc/pam.d/kde* -rw-r--r-- 1 root root 226 Nov 12 19:34 /etc/pam.d/kde -rw-r--r-- 1 root root 217 Nov 12 19:34 /etc/pam.d/kde-np
(In reply to Andreas Sturmlechner from comment #7) > How did it get there in the first place? No setuid root on that file on my > systems. I am almost certain this is caused by the upstream package. After updating to kde-frameworks/kinit-5.16.0, setuid was set again on the binary.
Indeed. On Linux, if sys-libs/libcap isn't found (which is default on by USE=+caps), kinit's cmake will execute chown/chmod magic similar to kcheckpass "to protect kdeinit from misguided Linux OOM killer". I guess you have set USE=-caps? Should we switch that on unconditionally to avoid such problems?
That commit seems to be related: https://quickgit.kde.org/?p=kinit.git&a=commit&h=1086e110ae4c05af6704af0d56f93e8bb023eeff Could you please try again with patch applied? See also: https://wiki.gentoo.org/wiki//etc/portage/patches#Adding_user_patches
kinit-5.16..0-r1 is now in tree, could you confirm that this is solved?
Well -r1 still has the setuid bit set. I will have to restart kde and I am in the middle of a chkdisk. I'll have to get back to you in a few days.
Yes, that isn't wrong if you built with USE=-caps.
The patch did work. In other news kde managed to crash my entire system after the plasma desktop process was burning the CPU for 2 days. Now I am out 165 hours of processing time for the second time this month.