Re: [systemd-devel] Cannot call GetUnit method with ssh
On Di, 12.03.19 18:17, Bao Nguyen (bao...@gmail.com) wrote: > Hi again, > > I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then > send signal SIGHUP to reload the configuration, also for dbus flush user > cache, but dbus said that > > Unknown username "ldap_demo" on element > Reloaded configuration > > I search the source code in dbus. it will > call _dbus_get_user_id_and_primary_group , > then _dbus_user_database_get_system to search user ldap_demo in its > database but I am not clear how this database is built. Could you please > help me for that? > Is there anyway to make dbus aware the new user except restart dbus? If I > restart dbus, does it have any impact to the system? Please contact the dbus mailing list instead. They can definitely help you better there than here. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi Mantas, Thanks for your reply. "Hold on – why are you whitelisting individual users for systemd.GetMethod()? " Sorry I am not clear your question. My intend is to add a user that fails to authenticate with DBUS in the previous email to policy config file to troubleshoot if dbus resolve it or not. But it throws "Unknown username" so I think dbus does not know anything about this user and it leads to the authenticate fails. Brs, Bao On Tue, Mar 12, 2019 at 6:20 PM Mantas Mikulėnas wrote: > On Tue, Mar 12, 2019 at 1:17 PM Bao Nguyen wrote: > >> Hi again, >> >> I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then >> send signal SIGHUP to reload the configuration, also for dbus flush user >> cache, but dbus said that >> >> Unknown username "ldap_demo" on element >> Reloaded configuration >> > > Hold on – why are you whitelisting individual users for > systemd.GetMethod()? > > >> >> I search the source code in dbus. it will >> call _dbus_get_user_id_and_primary_group , >> then _dbus_user_database_get_system to search user ldap_demo in its >> database but I am not clear how this database is built. Could you please >> help me for that? >> Is there anyway to make dbus aware the new user except restart dbus? >> > > > >> If I restart dbus, does it have any impact to the system? >> > > Yes; it closes all existing bus connections, which may cause many services > to exit. > > >> >> Thanks, >> Brs, >> Bao >> >> >> On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering >> wrote: >> >>> On Fr, 08.03.19 11:59, Mantas Mikulėnas (graw...@gmail.com) wrote: >>> >>> > > dbus policy can only reference users that are available locally at >>> any >>> > > time, i.e. generally system users, not human users. >>> > > >>> > > >>> > Hmm, but in this case, the client seems to be completely refused >>> access to >>> > the bus – not just blocked by policy from sending some message. The >>> system >>> > bus normally allows any user to connect (I mean, I have no problems >>> > accessing it from an LDAP account), so I'm not sure why the bus config >>> > should matter at this point. >>> >>> At this point this is probably something to move to the dbus list... I >>> don#t remember how precisely dbus-daemon authenticates stuff, I just >>> have a rough idea. >>> >>> Lennart >>> >>> -- >>> Lennart Poettering, Red Hat >>> >> > > -- > Mantas Mikulėnas > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
On Tue, Mar 12, 2019 at 1:17 PM Bao Nguyen wrote: > Hi again, > > I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then > send signal SIGHUP to reload the configuration, also for dbus flush user > cache, but dbus said that > > Unknown username "ldap_demo" on element > Reloaded configuration > Hold on – why are you whitelisting individual users for systemd.GetMethod()? > > I search the source code in dbus. it will > call _dbus_get_user_id_and_primary_group , > then _dbus_user_database_get_system to search user ldap_demo in its > database but I am not clear how this database is built. Could you please > help me for that? > Is there anyway to make dbus aware the new user except restart dbus? > > If I restart dbus, does it have any impact to the system? > Yes; it closes all existing bus connections, which may cause many services to exit. > > Thanks, > Brs, > Bao > > > On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering > wrote: > >> On Fr, 08.03.19 11:59, Mantas Mikulėnas (graw...@gmail.com) wrote: >> >> > > dbus policy can only reference users that are available locally at any >> > > time, i.e. generally system users, not human users. >> > > >> > > >> > Hmm, but in this case, the client seems to be completely refused access >> to >> > the bus – not just blocked by policy from sending some message. The >> system >> > bus normally allows any user to connect (I mean, I have no problems >> > accessing it from an LDAP account), so I'm not sure why the bus config >> > should matter at this point. >> >> At this point this is probably something to move to the dbus list... I >> don#t remember how precisely dbus-daemon authenticates stuff, I just >> have a rough idea. >> >> Lennart >> >> -- >> Lennart Poettering, Red Hat >> > -- Mantas Mikulėnas ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi again, I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then send signal SIGHUP to reload the configuration, also for dbus flush user cache, but dbus said that Unknown username "ldap_demo" on element Reloaded configuration I search the source code in dbus. it will call _dbus_get_user_id_and_primary_group , then _dbus_user_database_get_system to search user ldap_demo in its database but I am not clear how this database is built. Could you please help me for that? Is there anyway to make dbus aware the new user except restart dbus? If I restart dbus, does it have any impact to the system? Thanks, Brs, Bao On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering wrote: > On Fr, 08.03.19 11:59, Mantas Mikulėnas (graw...@gmail.com) wrote: > > > > dbus policy can only reference users that are available locally at any > > > time, i.e. generally system users, not human users. > > > > > > > > Hmm, but in this case, the client seems to be completely refused access > to > > the bus – not just blocked by policy from sending some message. The > system > > bus normally allows any user to connect (I mean, I have no problems > > accessing it from an LDAP account), so I'm not sure why the bus config > > should matter at this point. > > At this point this is probably something to move to the dbus list... I > don#t remember how precisely dbus-daemon authenticates stuff, I just > have a rough idea. > > Lennart > > -- > Lennart Poettering, Red Hat > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel