Am 13.01.2017 um 10:33 schrieb Juha Erkkilä: > Package: libpam-systemd > Version: 232-8 > Severity: normal > > Dear Maintainer, > > pam_group.so provides a mechanism to add users to supplementary groups > via configurations from /etc/security/group.conf. This mechanism > works only partially to user desktop processes when logging in through > gdm. It may not be that systemd is here to blame, but my suspicion > is that the systemd user instance is the most relevant component here. > > To reproduce, install recent Debian Stretch with GDM and Gnome desktop. > Configure pam_group.so active by adding the following line to > /etc/pam.d/common-auth (as the last line): > > auth optional pam_group.so
.. > However, when logging in through gdm, only some of the processes belong > to the "dialout"-group. To reproduce, login to Gnome desktop through > gdm, and then start up a gnome-terminal through Alt+F2 and writing > "gnome-terminal". Also start up an xterm from the terminal. Start up > another xterm by writing Alt+F2 + "xterm". Now the situation is strange, > because "gnome-terminal", and the "xterm" do *not* have "dialout" as > a supplementary group, but the "xterm" that was started through Alt+F2 > actually has! gnome-terminal uses a systemd --user service which uses /etc/pam.d/systemd-user As you can see, this pam module does not include common-auth. If you add pam_group to /etc/pam.d/systemd-user I suspect it would work. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Description: OpenPGP digital signature