Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-22 Thread Reindl Harald 



Am 23.12.2015 um 01:45 schrieb Lennart Poettering:

On Tue, 22.12.15 01:36, Kai Krakow (hurikha...@gmail.com) wrote:


Am Tue, 8 Dec 2015 01:36:01 +0200
schrieb Mantas Mikulėnas :


What uid does "oracle" have – is it within the system account range
(usually 1–999) or user account (1000–)? I wonder if it's the latter,
which would mean systemd-logind would clean up various things like
IPC on logout... (see logind.conf)


Is this hard-coded in systemd (uid 0..999 and 1000+) or is it read from
login.defs?


We do not read login.defs


which is a mistake


It's a compile-time setting (configure
--with-system-uid-max=). The distros choose the right cutoff, not the
admins


there are setups much older than systemd existed and fedora (as example) 
changed from 500 to 100 - hence a compile time setting is wrong by 
design when there was a config file over many years




signature.asc
Description: OpenPGP digital signature
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-22 Thread Lennart Poettering 
On Tue, 22.12.15 01:36, Kai Krakow (hurikha...@gmail.com) wrote:

> Am Tue, 8 Dec 2015 01:36:01 +0200
> schrieb Mantas Mikulėnas :
> 
> > What uid does "oracle" have – is it within the system account range
> > (usually 1–999) or user account (1000–)? I wonder if it's the latter,
> > which would mean systemd-logind would clean up various things like
> > IPC on logout... (see logind.conf)
> 
> Is this hard-coded in systemd (uid 0..999 and 1000+) or is it read from
> login.defs?

We do not read login.defs. It's a compile-time setting (configure
--with-system-uid-max=). The distros choose the right cutoff, not the
admins.

Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-22 Thread Mike Gilbert 
On Mon, Dec 21, 2015 at 9:54 PM, Kai Krakow  wrote:
> Am Mon, 21 Dec 2015 21:43:24 -0500
> schrieb Mike Gilbert :
>
>> On Mon, Dec 21, 2015 at 7:36 PM, Kai Krakow 
>> wrote:
>> > Am Tue, 8 Dec 2015 01:36:01 +0200
>> > schrieb Mantas Mikulėnas :
>> >
>> >> What uid does "oracle" have – is it within the system account range
>> >> (usually 1–999) or user account (1000–)? I wonder if it's the
>> >> latter, which would mean systemd-logind would clean up various
>> >> things like IPC on logout... (see logind.conf)
>> >
>> > Is this hard-coded in systemd (uid 0..999 and 1000+) or is it read
>> > from login.defs?
>> >
>> > Because I cannot find anything related to it in logind.conf which
>> > leads me to the assumption your reference was about RemoveIPC and
>> > friends only...
>>
>> I rather doubt the numeric value of the oracle UID has anything to do
>> with the problem you are having.
>>
>> With systemd, you really cannot start daemons from an interactive
>> shell. Rather, you need to define a service unit, and call "systemctl
>> start" to start long-running daemons.
>
> I think we are talking different here. My question is a spin-off of the
> OP.

Sorry for the mis-reply.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-22 Thread Mantas Mikulėnas 
On Tue, Dec 22, 2015 at 2:36 AM, Kai Krakow  wrote:

> Am Tue, 8 Dec 2015 01:36:01 +0200
> schrieb Mantas Mikulėnas :
>
> > What uid does "oracle" have – is it within the system account range
> > (usually 1–999) or user account (1000–)? I wonder if it's the latter,
> > which would mean systemd-logind would clean up various things like
> > IPC on logout... (see logind.conf)
>
> Is this hard-coded in systemd (uid 0..999 and 1000+) or is it read from
> login.defs?
>
> Because I cannot find anything related to it in logind.conf which leads
> me to the assumption your reference was about RemoveIPC and friends
> only...
>

It's set at compile (configure) time – either obtained from the compile
host's login.defs or set with --with-system-uid-max=UID.

-- 
Mantas Mikulėnas 
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-22 Thread Mantas Mikulėnas 
On Tue, Dec 22, 2015 at 4:43 AM, Mike Gilbert  wrote:

> On Mon, Dec 21, 2015 at 7:36 PM, Kai Krakow  wrote:
> > Am Tue, 8 Dec 2015 01:36:01 +0200
> > schrieb Mantas Mikulėnas :
> >
> >> What uid does "oracle" have – is it within the system account range
> >> (usually 1–999) or user account (1000–)? I wonder if it's the latter,
> >> which would mean systemd-logind would clean up various things like
> >> IPC on logout... (see logind.conf)
> >
> > Is this hard-coded in systemd (uid 0..999 and 1000+) or is it read from
> > login.defs?
> >
> > Because I cannot find anything related to it in logind.conf which leads
> > me to the assumption your reference was about RemoveIPC and friends
> > only...
>
> I rather doubt the numeric value of the oracle UID has anything to do
> with the problem you are having.
>

It does, as Oracle uses SysV IPC and logind's behavior depends on UID.

-- 
Mantas Mikulėnas 
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-21 Thread Kai Krakow 
Am Tue, 8 Dec 2015 01:36:01 +0200
schrieb Mantas Mikulėnas :

> What uid does "oracle" have – is it within the system account range
> (usually 1–999) or user account (1000–)? I wonder if it's the latter,
> which would mean systemd-logind would clean up various things like
> IPC on logout... (see logind.conf)

Is this hard-coded in systemd (uid 0..999 and 1000+) or is it read from
login.defs?

Because I cannot find anything related to it in logind.conf which leads
me to the assumption your reference was about RemoveIPC and friends
only...

-- 
Regards,
Kai

Replies to list-only preferred.


___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-21 Thread Mike Gilbert 
On Mon, Dec 21, 2015 at 7:36 PM, Kai Krakow  wrote:
> Am Tue, 8 Dec 2015 01:36:01 +0200
> schrieb Mantas Mikulėnas :
>
>> What uid does "oracle" have – is it within the system account range
>> (usually 1–999) or user account (1000–)? I wonder if it's the latter,
>> which would mean systemd-logind would clean up various things like
>> IPC on logout... (see logind.conf)
>
> Is this hard-coded in systemd (uid 0..999 and 1000+) or is it read from
> login.defs?
>
> Because I cannot find anything related to it in logind.conf which leads
> me to the assumption your reference was about RemoveIPC and friends
> only...

I rather doubt the numeric value of the oracle UID has anything to do
with the problem you are having.

With systemd, you really cannot start daemons from an interactive
shell. Rather, you need to define a service unit, and call "systemctl
start" to start long-running daemons.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-21 Thread Kai Krakow 
Am Mon, 21 Dec 2015 21:43:24 -0500
schrieb Mike Gilbert :

> On Mon, Dec 21, 2015 at 7:36 PM, Kai Krakow 
> wrote:
> > Am Tue, 8 Dec 2015 01:36:01 +0200
> > schrieb Mantas Mikulėnas :
> >
> >> What uid does "oracle" have – is it within the system account range
> >> (usually 1–999) or user account (1000–)? I wonder if it's the
> >> latter, which would mean systemd-logind would clean up various
> >> things like IPC on logout... (see logind.conf)
> >
> > Is this hard-coded in systemd (uid 0..999 and 1000+) or is it read
> > from login.defs?
> >
> > Because I cannot find anything related to it in logind.conf which
> > leads me to the assumption your reference was about RemoveIPC and
> > friends only...
> 
> I rather doubt the numeric value of the oracle UID has anything to do
> with the problem you are having.
> 
> With systemd, you really cannot start daemons from an interactive
> shell. Rather, you need to define a service unit, and call "systemctl
> start" to start long-running daemons.

I think we are talking different here. My question is a spin-off of the
OP.

Mantas actually made the connection between user and system uid range
to systemd behavior. I just wondered, if this is:

  [_] an assumption based on guessing (don't put a cross here)
  [_] hard-coded which personally I'd find surprising
  [_] configurable and I didn't find the knob

But putting one and one together, your answer means (to the OP):

  Don't start daemons directly from a shell and exit. Systemd will blast
  them away. Defined behavior.

Yes, it won't work.

-- 
Regards,
Kai

Replies to list-only preferred.


___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-21 Thread Michael Biebl 
2015-12-22 3:43 GMT+01:00 Mike Gilbert :
> With systemd, you really cannot start daemons from an interactive
> shell.

Well, there is systemd-run ...



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-07 Thread Mantas Mikulėnas 
On Tue, Dec 8, 2015 at 5:04 AM,  wrote:

> On Monday, December 07, 2015 11:28:54 PM you wrote:
>
> > It might be clearer if you described how exactly the daemon is started
> and
>
> > which cgroup it runs under (according to systemd-cgls). Perhaps you're
>
> > starting it directly from the shell, and not via systemctl as intended?
>
> >
>
>
>
> Oracle (database and listener) is started in two different ways:
>
>
>
> 1. Via root console executing the command:
>
>
>
> # su - oracle -l -c '${ORACLE_HOME}/bin/dbstart'
>
>
>
> If Oracle is started in this way, the processes 'systemd (oracle)' and
> '(sd-pam) (oracle)' DO NOT appear. And that's the problem. Seems that
> oracle daemon cannot live without these processes and it dies (shutdown by
> itself) very soon (after 5-15 minutes working). The lack of these processes
> is the cause of the crash here.
>
>
>
> 2. By logging in directly as 'oracle' user to console (tty). In this case
> the processes 'systemd (oracle)' and '(sd-pam) (oracle)' appear immediately
> after logging to console. The database and listener is then started
> executing 'dbstart' from console. This way Oracle never crashes, except if
> I deliberately kill the two processes as root during the session and Oracle
> crashes immediately.
>

I see. This doesn't kill Oracle by itself, however, it still can cause
various other problems. You really should launch daemons through a systemd
.service, Oracle is no exception.

> The "systemd --user" process is meant for interactive users (as in, not
>
> > system accounts) – it acts as the user's personal service manager. I
> don't
>
> > think lack of that process is the cause here, maybe an effect instead –
>
> > killing it is part of logind's cleanup when a user logs out.
>
>
>
> No, the lack of these processes is the cause of the crash, as I already
> said above. So far as these processes are running, no fear of Oracle's
> crash.
>

Correlation does not imply causation. These processes do nothing relevant
by themselves; their presence only indicates that a systemd-logind _user
session_ exists, which is the cause.

> What uid does "oracle" have – is it within the system account range
>
> > (usually 1–999) or user account (1000–)? I wonder if it's the latter,
> which
>
> > would mean systemd-logind would clean up various things like IPC on
>
> > logout... (see logind.conf)
>
>
>
> [root@proton ~]# id oracle
>
> uid=54321(oracle) gid=54321(oinstall)
> groups=54321(oinstall),54322(dba),54323(oper),54324(backupdba),54325(dgdba),54326(kmdba),54327(asmdba)
>

Ok, so the UID is the problem. (These look suspiciously like made-up
numbers, but I'm guessing they are centrally-managed accounts, maybe NIS or
LDAP.)

So, since "oracle" has an UID ≥ 1000, and since you probably cannot change
that, you should instead *disable RemoveIPC= in /etc/systemd/logind.conf*
to disable the automatic IPC cleanup.

-- 
Mantas Mikulėnas 
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-07 Thread Niksa Jurinovic 
Hello,

I am new to systemd init system as well as to fresh installed Fedora 23
Server, and I would like to put a question related to 'systemd (user)'
and '(sd-pam) (user)' processes invoked under each and every one user's
login shell. The first process is '/usr/lib/systemd/systemd --user' with
PPID=1 and the second is its child process '(sd-pam)'.  

What do these processes exactly do and why does my Oracle 12c
database instance (started by 'oracle' user) always crash (silently
shutdown by itself) WITHOUT these processes (or if they are killed)?
When it happens, the database instance is down, and the oracle alert.log
shows semaphore memory corruption:

ORA-27300: OS system dependent operation:semctl failed with status: 22
ORA-27301: OS failure message: Invalid argument
ORA-27302: failure occurred at: sskgpwrm1
ORA-27157: OS post/wait facility removed
ORA-27300: OS system dependent operation:semop failed with status: 43
ORA-27301: OS failure message: Identifier removed
ORA-27302: failure occurred at: sskgpwwait1
ksmsdes: Error destroying SGA
Instance termination got error 27120 from SGA destruction.

If these processes are active for 'oracle' user, Oracle instance never
crashes.

Thank you very much.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd (user) and (sd-pam) (user) processes in login shell

2015-12-07 Thread Mantas Mikulėnas 
(Hmm, wonder if Inbox's "Undo send" works or if I ended up spamming the
list...)

On Dec 8, 2015 00:19, "Niksa Jurinovic"  wrote:
>
> Hello,
>
> I am new to systemd init system as well as to fresh installed Fedora 23
> Server, and I would like to put a question related to 'systemd (user)'
> and '(sd-pam) (user)' processes invoked under each and every one user's
> login shell. The first process is '/usr/lib/systemd/systemd --user' with
> PPID=1 and the second is its child process '(sd-pam)'.
>
> What do these processes exactly do and why does my Oracle 12c
> database instance (started by 'oracle' user) always crash (silently
> shutdown by itself) WITHOUT these processes (or if they are killed)?
> When it happens, the database instance is down, and the oracle alert.log
> shows semaphore memory corruption:

It might be clearer if you described how exactly the daemon is started and
which cgroup it runs under (according to systemd-cgls). Perhaps you're
starting it directly from the shell, and not via systemctl as intended?

The "systemd --user" process is meant for interactive users (as in, not
system accounts) – it acts as the user's personal service manager. I don't
think lack of that process is the cause here, maybe an effect instead –
killing it is part of logind's cleanup when a user logs out.

(There is one --user instance for every user, shared across multiple login
sessions, so it is run under a separate "PAM session" of its own; sd-pam is
just a helper process for that.)

What uid does "oracle" have – is it within the system account range
(usually 1–999) or user account (1000–)? I wonder if it's the latter, which
would mean systemd-logind would clean up various things like IPC on
logout... (see logind.conf)

In fact I'm pretty sure that's the case according to the "Identifier
removed" error.

User accounts should be created with "useradd -r" if they're meant for
daemons, to make them have a system UID and let systemd distinguish from
personal accounts.

> ORA-27300: OS system dependent operation:semctl failed with status: 22
> ORA-27301: OS failure message: Invalid argument
> ORA-27302: failure occurred at: sskgpwrm1
> ORA-27157: OS post/wait facility removed
> ORA-27300: OS system dependent operation:semop failed with status: 43
> ORA-27301: OS failure message: Identifier removed
> ORA-27302: failure occurred at: sskgpwwait1
> ksmsdes: Error destroying SGA
> Instance termination got error 27120 from SGA destruction.
>
> If these processes are active for 'oracle' user, Oracle instance never
> crashes.

Pretty sure these processes being active is a result, not cause.

-- 
Mantas Mikulėnas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel