Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 914629 - =x11-misc/sddm-0.20.0-r1: Invalid list of groups in KDE session
Summary: =x11-misc/sddm-0.20.0-r1: Invalid list of groups in KDE session
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal major
Assignee: LxQt maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-25 06:54 UTC by Mickaël Bucas
Modified: 2023-09-25 17:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mickaël Bucas 2023-09-25 06:54:56 UTC
When using using SDDM 0.20.0, I get the groups of my user concatenated after the groups of the root user
In this case, the problems are:
- I get access to groups I shouldn't have access to
- There are some duplicate groups in the list
- I can't write on NFS because the allowed group is above the 16 groups limit of NFS

I've set the severity to "Major" because of the groups of root I get access to.

However when using SDDM 0.18.1 I get the right list of groups for my user (see below).
When I login through SSH, I also get the right list of groups, so it seems it's limited to SDDM.

I've already noticed a similar bug in SDDM 0.18.0 and reported it to the SDDM project on 2019-04-20
https://github.com/sddm/sddm/issues/1159
I don't really understand how it evolved since it seems to have been resolved in 0.18.1, but the bug is still open.
Maybe it was resolved by the following patch in Gentoo, which references the issue I created :)
x11-misc/sddm/files/sddm-0.18.1-honor-PAM-supplemental-groups-v2.patch.

$ emerge -pv1 x11-misc/sddm

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 2.08 s.

[ebuild   R    ] x11-misc/sddm-0.20.0-r1::gentoo  USE="elogind -systemd -test" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB
# Effective groups under SDDM 0.20.0
$ groups
root bin daemon sys adm disk lp wheel wheel floppy uucp cron audio dialout tape video video games apache usb transmission portage vboxusers xfs allowssh allowssh users mick
# User's configured groups
$ groups mick
lp wheel cron audio video games apache usb transmission portage vboxusers xfs allowssh users mick
# Duplicates
$ groups|tr ' ' '\n'|sort|uniq -c|sort -n
      1 adm
      1 apache
      1 audio
      1 bin
      1 cron
      1 daemon
      1 dialout
      1 disk
      1 floppy
      1 games
      1 lp
      1 mick
      1 portage
      1 root
      1 sys
      1 tape
      1 transmission
      1 usb
      1 users
      1 uucp
      1 vboxusers
      1 xfs
      2 allowssh
      2 video
      2 wheel
# New login through SSH
$ ssh localhost
# Correct list of groups
$ groups
lp wheel cron audio video games apache usb transmission portage vboxusers xfs allowssh users mick


# After masking 0.20.0, emerging 0.18.1 and restarting /etc/init.d/display-manager
$ emerge -pv1 x11-misc/sddm

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 2.07 s.

[ebuild   R    ] x11-misc/sddm-0.18.1-r8::gentoo  USE="elogind pam -systemd -test" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB
# Effective groups are equal to configured groups
$ groups
lp wheel cron audio video games apache usb transmission portage vboxusers xfs allowssh users mick
# User's configured groups
$ groups mick
lp wheel cron audio video games apache usb transmission portage vboxusers xfs allowssh users mick


Reproducible: Always

Steps to Reproduce:
1. Update to SDDM 0.20.0 =x11-misc/sddm-0.20.0-r1 and restart service
2. Open a KDE session

Actual Results:  
Invalid list of groups

Expected Results:  
The user should only have the configured groups in the session

Portage 3.0.49 (python 3.11.5-final-0, default/linux/amd64/17.1, gcc-12, glibc-2.37-r3, 6.1.53-gentoo-x86_64 x86_64)
=================================================================
System uname: Linux-6.1.53-gentoo-x86_64-x86_64-AMD_Ryzen_7_5700X_8-Core_Processor-with-glibc2.37
KiB Mem:    32777164 total,   3882244 free
KiB Swap:   33554428 total,  33548284 free
Timestamp of repository gentoo: Mon, 25 Sep 2023 00:31:32 +0000
Head commit of repository gentoo: 5720c84c9e9aa6ac10120e3e64dbf7def0028358

Timestamp of repository steam-overlay: Sat, 23 Sep 2023 20:31:33 +0000
Head commit of repository steam-overlay: 275ac47be3a1baa90b370f1600884e2f979e5bd7

sh bash 5.1_p16-r6
ld GNU ld (Gentoo 2.40 p5) 2.40.0
distcc 3.4 x86_64-pc-linux-gnu [disabled]
app-misc/pax-utils:        1.3.5::gentoo
app-shells/bash:           5.1_p16-r6::gentoo
dev-java/java-config:      2.3.1-r1::gentoo
dev-lang/perl:             5.38.0-r1::gentoo
dev-lang/python:           3.11.5::gentoo
dev-lang/rust:             1.72.0::gentoo
dev-util/cmake:            3.26.5-r2::gentoo
dev-util/meson:            1.2.1-r1::gentoo
sys-apps/baselayout:       2.14::gentoo
sys-apps/openrc:           0.48::gentoo
sys-apps/sandbox:          2.37::gentoo
sys-devel/autoconf:        2.13-r7::gentoo, 2.71-r6::gentoo
sys-devel/automake:        1.16.5-r1::gentoo
sys-devel/binutils:        2.40-r5::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           15.0.7-r3::gentoo, 16.0.6::gentoo, 17.0.1::gentoo
sys-devel/gcc:             12.3.1_p20230526::gentoo, 13.2.1_p20230826::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/libtool:         2.4.7-r1::gentoo
sys-devel/lld:             16.0.6::gentoo
sys-devel/llvm:            15.0.7-r3::gentoo, 16.0.6::gentoo, 17.0.1::gentoo
sys-devel/make:            4.4.1-r1::gentoo
sys-kernel/linux-headers:  6.1::gentoo (virtual/os-headers)
sys-libs/glibc:            2.37-r3::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000
    volatile: False
    sync-git-verify-commit-signature: yes

mbucas
    location: /data/Code/GitHub/gentoo-overlay
    masters: gentoo
    volatile: True

steam-overlay
    location: /var/db/repos/steam-overlay
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/steam-overlay.git
    masters: gentoo
    volatile: False

Installed sets: @xorg-x11-apps, @xorg-x11-fonts
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -march=native"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /var/spool/munin-async/.ssh"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php8.1/ext-active/ /etc/php/cgi-php8.1/ext-active/ /etc/php/cli-php8.1/ext-active/ /etc/php/fpm-php8.1/ext-active/ /etc/php/phpdbg-php8.1/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -march=native"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--jobs 20 --load-average 20"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="fr_FR.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
LINGUAS="fr"
MAKEOPTS="--jobs 20 --load-average 20"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="X alsa amd64 bash-completion bzip2 cairo cli crypt dbus dri elogind encode exif ffmpeg flac fontconfig fortran gd gif graphviz gstreamer gtk iconv imlib ipv6 java jpeg kde libtirpc mad mng mp3 mpeg multilib mysql ncurses nls nptl ogg opengl openmp pam pcre perl php png postgres python qt5 quicktime readline samba sdl seccomp spell split-usr sql ssl svg test-rust tiff truetype udev unicode vaapi vdpau vhosts vorbis xattr xml xpm xv zlib" ABI_X86="64 32" ADA_TARGET="gnat_2021" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_core authn_dbd authn_dbm authn_default authn_file authz_core authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http proxy_html rewrite setenvif slotmem_shm so socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias xml2enc" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt rdrand sha sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="fr" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby31" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
Comment 1 Mike Gilbert gentoo-dev 2023-09-25 17:19:19 UTC
Yes, this was fixed in sddm-0.18.1 by applying sddm-0.18.1-honor-PAM-supplemental-groups-v2.patch.

Unfortunately, it seems the fix was never merged upstream. The code has changed enough that applying the same patch is not possible.