Am 13.01.2017 um 10:33 schrieb Juha Erkkilä:
> Package: libpam-systemd
> Version: 232-8
> Severity: normal
> 
> Dear Maintainer,
> 
> pam_group.so provides a mechanism to add users to supplementary groups
> via configurations from /etc/security/group.conf.  This mechanism
> works only partially to user desktop processes when logging in through
> gdm.  It may not be that systemd is here to blame, but my suspicion
> is that the systemd user instance is the most relevant component here.
> 
> To reproduce, install recent Debian Stretch with GDM and Gnome desktop.
> Configure pam_group.so active by adding the following line to
> /etc/pam.d/common-auth (as the last line):
> 
> auth  optional        pam_group.so

..

> However, when logging in through gdm, only some of the processes belong
> to the "dialout"-group.  To reproduce, login to Gnome desktop through
> gdm, and then start up a gnome-terminal through Alt+F2 and writing
> "gnome-terminal".  Also start up an xterm from the terminal.  Start up
> another xterm by writing Alt+F2 + "xterm".  Now the situation is strange,
> because "gnome-terminal", and the "xterm" do *not* have "dialout" as
> a supplementary group, but the "xterm" that was started through Alt+F2
> actually has!

gnome-terminal uses a systemd --user service which uses
/etc/pam.d/systemd-user
As you can see, this pam module does not include common-auth.
If you add pam_group to /etc/pam.d/systemd-user I suspect it would work.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to