FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Launchpad User

 
 
LinkBack Thread Tools
 
Old 10-20-2008, 02:36 AM
"Thomas Delbeke"
 
Default consolekit bugs testing system

Testing system for Consolekit libpam dbus bugs








Hi,



There is a problem with authentication under 8.10, which a lot of users experience.



I have started a thread about this on launchpad. It is a bundle of my
crashes so far, due to dbus and unsafe ownership of /home/$USER.



The bug squad team have great difficulties tracking down these bugs
because they have a different system setup. Also the developers cannot
reproduce most of these crashes because of the same reason.



The problem is that they use their system in a way that Newbies do not.



What lies at the cause of this problem is the following:



A) If you download packages through the gnome-terminal you will have to
call root: '$ sudo apt-get ...'. The default download folder for this
/home/$USER. This means that all packages you download their are owned
by root.



If you open nautilus in the gui, you will in fact open '$ nautilus ...'
and not '$ sudo nautilus ...'. This means that you cannot move any
source packages to the waste bin. If you open '$ sudo nautilus' you can
change read and write permissions through the gui (right click >
properties > permissions) but you still cannot change ownership in
group. That is: you have to snipe out every individual file, you cannot
use ctrl+A and ctrl-left_click to unselect.



This makes it very tempting for newbies to just: '$ cd ; sudo chmod -cR
777 . ; sudo chown -cR 1000 .'. An experienced user would never do
that. I read an idea in the idea pool to make a filesystem permissions
and ownership back up tool, dating back to 2006. To may best knowledge
nothing has become of it so far.



Anyway, the above command leads to unsafe ownership of a number of hidden files:



thomas@thomas-laptop:~$ ls -la ~/.dbus/* ~/.dmrc ~/.gnupg/* ~/.gvfs ~/.Xauthority ~/.ICEauthority ~/.pulse/* ~/.compiz

-rwxrwxrwx 1 thomas thomas 28 2008-10-15 21:29 /home/thomas/.dmrc

-rwxrwxrwx 1 thomas thomas 28 2008-10-03 00:49 /home/thomas/.gnupg/gpg.conf

-rwxrwxrwx 1 thomas thomas 0 2008-10-03 00:49 /home/thomas/.gnupg/pubring.gpg

-rwxrwxrwx 1 thomas thomas 0 2008-10-03 00:49 /home/thomas/.gnupg/secring.gpg

-rwxrwxrwx 1 thomas thomas 40 2008-10-03 00:49 /home/thomas/.gnupg/trustdb.gpg

-rwxrwxrwx 1 thomas thomas 21293 2008-10-19 21:07 /home/thomas/.ICEauthority

-rwxrwxrwx 1 thomas thomas 55 2008-10-03 10:02 /home/thomas/.pulse/default-sink

-rwxrwxrwx 1 thomas thomas 1 2008-10-03 10:02 /home/thomas/.pulse/default-source

-rwxrwxrwx 1 thomas thomas 872 2008-10-19 19:00 /home/thomas/.pulse/volume-restore.table

-rwxrwxrwx 1 thomas thomas 173 2008-10-17 04:27 /home/thomas/.Xauthority



/home/thomas/.compiz:

total 20

drwxrwxrwx 3 thomas thomas 4096 2008-10-03 00:27 .

drwxrwxrwx 92 thomas thomas 12288 2008-10-20 00:31 ..

drwxrwxrwx 2 thomas thomas 4096 2008-10-09 16:00 session



/home/thomas/.dbus/session-bus:

total 12

drwxrwxrwx 2 thomas root 4096 2008-10-03 00:57 .

drwxrwxrwx 3 thomas root 4096 2008-10-03 00:57 ..

-rwxrwxrwx 1 thomas root 465 2008-10-19 22:58 00e2e23118afd712ae53375648e55de3-0



/home/thomas/.gvfs:

total 12

dr-x------ 2 thomas thomas 0 2008-10-19 21:07 .

drwxrwxrwx 92 thomas thomas 12288 2008-10-20 00:31 ..

thomas@thomas-laptop:~$



B) Another problem may be that users activate too many authentication services:



thomas@thomas-laptop:~$ sudo dpkg-reconfigure -p low debconf ; sudo dpkg-reconfigure -p low libpam-ldap

[sudo] password for thomas:

Configuring debconf

-------------------



Packages that use debconf for configuration share a common look and feel. You can select the type of user interface they use.



The dialog frontend is a full-screen, character based interface, while
the readline frontend uses a more traditional plain text interface, and
both the gnome and kde frontends

are modern X interfaces, fitting the respective desktops (but may be
used in any X environment). The editor frontend lets you configure
things using your favorite text editor.

The noninteractive frontend never asks you any questions.



1. Dialog 2. Readline 3. Gnome 4. Kde 5. Editor 6. Noninteractive



Interface to use: 2





Debconf prioritizes the questions it asks you. Pick the lowest priority of question you want to see:

- 'critical' only prompts you if the system might break.

Pick it if you are a newbie, or in a hurry.

- 'high' is for rather important questions

- 'medium' is for normal questions

- 'low' is for control freaks who want to see everything





Note that no matter what level you pick here, you will be able to see
every question if you reconfigure a package with dpkg-reconfigure.



1. critical 2. high 3. medium 4. low



Ignore questions with a priority less than: 4





Pluggable Authentication Modules (PAM) determine how authentication,
authorization, and password changing are handled on the system, as well
as allowing configuration of

additional actions to take when starting user sessions.



Some PAM module packages provide profiles that can be used to
automatically adjust the behavior of all PAM-using applications on the
system. Please indicate which of these

behaviors you wish to enable.


1. Cracklib password strength checking 2. Likewise Open 3. Unix
authentication 4. LDAP Authentication 5. ConsoleKit Session Management
6. none of the above



(Enter the items you want to select, separated by spaces.)



PAM profiles to enable: 1 2 3 4 5





thomas@thomas-laptop:~$



C) If you use your system in this way it will become highly unstable
and you will experience a number of crashes that the bug squad can not
easily verify.



You can test whether a bug is due to this issue or not by running rsync
and aptoncd and installing in a Virtual Machine. If you copy the
virtual harddisk and mess up your system as described above, you will
be able to check for differences. I would like to tell you though that
the 'messed up' system will function remarkably well, other then
experiencing a number of fatal system crashes, that are not easy to
debug, since fatal off course, but also unpredictable.



A way to test this is to start all affected applications under valgrind and attach pidof in strace and gdb.



Commands that trigger the problem:



e.g. bogus pipes:



sudo compiz | compiz

sudo x-session-manager | pulseaudio



or



metacity --replace

compiz --replace



Involved applications are:



compiz

compiz.real

bzr (certificate problem: unsafe ownership of .gnupg)

ca-certificates (idem)

canberra-gtk-play

hald-volume-monitor (or something like that)

gnome-session

x-session-manager

console-kit-daemon

metacity

dbus-launch

dbus-session



and many more



All these applications have in common that they need to be authorized
by consolekit (and or PAM etc.) to access
/var/run/dbus/system_bus_socket



I noticed this in the /var/log files (TIP: run '$ sudo dpkg-reconfigure -ap low' and enable logging for absolutely everything)



It seems to me that consolekit may be involved in nearly all of my bugs.



If you try and run the following command:



'$ sudo apt-get remove consolekit'



you may begin to believe ...



thomas@thomas-laptop:~$ sudo apt-get remove consolekit

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following packages were automatically installed and are no longer required:

bluez-alsa nvidia-71-modaliases libarts1c2a kdelibs4c2a libglitz-glx1
python-pexpect bluez-gstreamer libuser-perl nvidia-177-modaliases
libgda3-common python-glade2-dbg

gdesklets-data python-pycurl python-pyxattr kdelibs-data
python-dbus-dbg liblualib50 gnumeric-common libmono-cairo2.0-cil
python-utidylib deluge-torrent-common pptp-linux

python-cairo-dbg python-pyorbit-dbg libgoffice-0-6-common
libtidy-0.99-0 python-gconf-dbg python-soappy libavahi-qt3-1
libavahi-gobject0 python-4suite-doc icedax

libnet-google-perl python-feedparser libemail-date-format-perl
libglitz1 hddtemp python-numeric-dbg libwww-search-perl
nvidia-173-modaliases libpkcs11-helper1

libgnomesu-common rdiff-backup libmime-lite-perl python-setuptools
python-pylibacl python-fpconst python-4suite-xml nvidia-common
libgda3-bin libgda3-3 libjcode-pm-perl

libgnome-keyring1.0-cil python-smartpm openvpn liblua50
python-gnomecanvas-dbg python-chardet gstreamer0.10-gnonlin librsync1
nvidia-96-modaliases libgdl-1-0

openvpn-blacklist python-gobject-dbg python-rdflib python-gtk2-dbg libgdl-1-common

Use 'apt-get autoremove' to remove them.

The following packages will be REMOVED

adept adept-dbgsym alacarte alleyoop aptoncd avahi-daemon avahi-utils
bluetooth bluez bluez-gnome bluez-utils brasero bug-buddy compiz
compiz-gnome compiz-gnome-dbgsym

consolekit contact-lookup-applet contact-lookup-applet-dbgsym dbus
dbus-x11 deluge-torrent deluge-torrent-dbgsym deskbar-applet
deskbar-applet-dbg dhcdbd dvd95 ekiga eog

evolution evolution-data-server evolution-exchange evolution-plugins
evolution-webcal f-spot fast-user-switch-applet file-roller
firefox-3.0-gnome-support

firefox-gnome-support firestarter firestarter-dbgsym gconf-editor
gdesklets gmail-notify gnome-about gnome-applets gnome-applets-dbgsym
gnome-control-center gnome-games

gnome-media gnome-mount gnome-netstatus-applet gnome-orca gnome-panel
gnome-panel-dbg gnome-pilot gnome-pilot-conduits gnome-power-manager
gnome-screensaver gnome-session

gnome-settings-daemon gnome-spell gnome-terminal gnome-user-guide
gnome-utils gnome-volume-manager gnomebaker gnumeric
gstreamer0.10-gnomevfs hal hal-cups-utils

isight-firmware-tools jockey-common jockey-gtk kde-window-manager
kdebase-runtime kdebase-runtime-bin-kde4 kdelibs-bin kdelibs5
khelpcenter4 kwin kwin-style-alphacube

kwin-style-alphacube-dbgsym landscape-client libbonoboui2-0
libdeskbar-tracker libebook1.2-9 libecal1.2-7 libedata-book1.2-2
libedata-cal1.2-6 libedataserverui1.2-8

libeel2-2 libexchange-storage1.2-3 libgail-gnome-module
libgnome-desktop-2 libgnome-desktop-2-7 libgnome-media0
libgnome-vfs2.0-cil libgnome-window-settings1 libgnome2-0

libgnome2-perl libgnome2-vfs-perl libgnome2.0-cil libgnomesu0
libgnomesu0-dbgsym libgnomeui-0 libgnomevfs2-0 libgnomevfs2-bin
libgnomevfs2-extra libgoffice-0-6

libgsf-gnome-1-114 libgtkhtml-editor0 libgtkhtml3.14-19
libgtkhtml3.16-cil libkdecorations4 libkwineffects1 liblpint-bonobo0
libnss-mdns libnss-mdns-dbgsym libpam-blue

libpam-blue-dbgsym libpanel-applet2-0 libswt-gnome-gtk-3.4-jni
mousetweaks nautilus nautilus-cd-burner nautilus-dbg nautilus-share
network-manager network-manager-gnome

network-manager-openvpn network-manager-pptp openoffice.org-gnome
pamusb-tools pitivi policykit policykit-gnome pulseaudio-module-hal
pybackpack python-gnome2

python-gnome2-dbg python-gnome2-desktop python-gnome2-desktop-dbg
python-gnome2-extras python-gnome2-extras-dbg python-pyatspi rhythmbox
screenlets seahorse-plugins

serpentine sound-juicer soundconverter system-config-printer-gnome
thoggen tomboy totem totem-dbg totem-gstreamer totem-mozilla
totem-plugins tracker tracker-search-tool

tsclient ubuntu-desktop ubuntu-docs ubuntu-system-service update-notifier vinagre vino vuze xulrunner-1.9-gnome-support yelp

0 upgraded, 0 newly installed, 172 to remove and 0 not upgraded.

After this operation, 503MB disk space will be freed.

Do you want to continue [Y/n]? n

Abort.

thomas@thomas-laptop:~$



Suggested solutions:



Make nautilus able to change ownership and permissions in bulk, also
when called without sudo, or maybe only for /home or /home/$USER



Replace all sensitive hidden files in /home/$USER with symlinks that will not be affected.



Wright a warning in gnome-terminal that pops up when chmod, chown and
such are called within /home/$USER. For instance ask: also hidden
files? (-R)



Wright a warning when about to install a superfluous combination of authentication services.



Write some good howto's for newbies.



BTW: To track this problem down further: Try and make a list of the
most common crashes in launchpad that are standing open for quite a
long time, without a debug report. Compare it with the build-dep of
consolekit and libpam and such. That should help you track down the
malfunctioning applications.









You
can also try to ask people who seemingly post non reproducible bugs on
the forum to list the permission settings of the affected
/home/$USER/files. Or you can ask them if they remember having received
any of the following error messages:



1) On startup, after the login window:



User's $HOME/.dmrc file is being ignored.This prevents the default
session and language from being saved. File should be owned by user and
have 644 permissions. User's $HOME directory must be owned by user and
not writeable by other users.



2) gpg: WARNING: unsafe ownership on configuration file `/home/$USER/.gnupg/gpg.conf'

Reported by tdflanders on 2008-10-16

(undecided) Bug #284653:

This report is public

Consolekit crashes due to /var/dbus/system_bus_socket



(The title should have been [...] /var/run/dbus/system_bus_socket)

http://ubuntuforums.org/showthread.php?p=5997560#post5997560




Cheers,



Thomas
--
launchpad-users mailing list
launchpad-users@lists.canonical.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/launchpad-users
 
Old 10-21-2008, 10:31 AM
Malcolm
 
Default consolekit bugs testing system

2008/10/20 Thomas Delbeke <toom2079@gmail.com>:

> A) If you download packages through the gnome-terminal you will have to call
> root: '$ sudo apt-get ...'. The default download folder for this
> /home/$USER. This means that all packages you download their are owned by
> root.

The default download directory for "apt-get source" is the current directory.

"apt-get source" can and should be run without sudo.

The default download directory for other apt-get commands is not the
current directory.

--
Malcolm Parsons

--
launchpad-users mailing list
launchpad-users@lists.canonical.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/launchpad-users
 
Old 10-21-2008, 12:10 PM
Martin Pitt
 
Default consolekit bugs testing system

Hi Thomas,

first, this is rather stuff for ubuntu-devel-discuss@, it is not at
all launchpad related. Much of it is also just matter for
ubuntu-users@, too.

Thomas Delbeke [2008-10-20 3:36 +0100]:
> The problem is that they use their system in a way that Newbies do not.

The commands you mentioned are not at all something "newbies" as in
"my mother" would ever use. They seem to come from some ill-advising
forum posts or other places and many people just blindly copy them
without actually understanding what they do?

If you find such commands on wiki.u.c. or help.u.c., please point them
out so that we can fix them.

> What lies at the cause of this problem is the following:
>
> A) If you download packages through the gnome-terminal you will have to call
> root: '$ sudo apt-get ...'. The default download folder for this
> /home/$USER. This means that all packages you download their are owned by
> root.

apt-get install won't download to $HOME, and apt-get source shouldn't
be called as root. If you do, you get exactly what you asked for.

> If you open nautilus in the gui

another thing that isn't at all common, I'd say

>, you will in fact open '$ nautilus ...' and not '$ sudo nautilus
>...'. This means that you cannot move any source packages to the
>waste bin.

No, because they are owned by root. You can remove single root owned
files from your home directory, but not files from a root-owned
directory. I don't see anything wrong with that behaviour, and it is
how Unix works since the beginning of time. What do you see wrong with
this?

> If you open '$ sudo nautilus' you can change read
> and write permissions through the gui (right click > properties >
> permissions) but you still cannot change ownership in group. That is: you
> have to snipe out every individual file, you cannot use ctrl+A and
> ctrl-left_click to unselect.

You can delete the entire folder, though.

> This makes it very tempting for newbies to just: '$ cd ; sudo chmod -cR 777
> . ; sudo chown -cR 1000 .'.
> [...]
> Anyway, the above command leads to unsafe ownership of a number of hidden
> files:

Absolutely. It's one of 203943294238 ways to shoot yourself in the
foot. We should fix documentation which advises something stupid like
this, and otherwise just shrug.

> Configuring debconf

It's not quite clear to me what this quotation of debconf frontends,
pam, and cracklib was meaning to convey?

> C) If you use your system in this way it will become highly unstable and you
> will experience a number of crashes that the bug squad can not easily
> verify.

"this way" -> using cracklib?

> Commands that trigger the problem:

You mean those are ways to crash consolekit? If you know reproducers
for any of the consolekit crashes reported in Launchpad, it would be
appreciated if you could describe them there. On this list they will
just be ignored, I'm afraid.

> Make nautilus able to change ownership and permissions in bulk, also when
> called without sudo, or maybe only for /home or /home/$USER

No. First, it's not even possible (the kernel rightfully enforces user
privileges, not nautilus), and second it would be wrong. If you create
directories as root in your $HOME, you have to remove files in them
them as root.

> Replace all sensitive hidden files in /home/$USER with symlinks that will
> not be affected.

That's another weird proposition.

There seem to be lots of apparently unrelated and strange things
mentioned in your mail, but I'm still not at all clear what your
*actual* problem is. Is it a consolekit crash? If so, which bug
number? Let's discuss it properly there.

Thank you!

Martin

--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

--
launchpad-users mailing list
launchpad-users@lists.canonical.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/launchpad-users
 

Thread Tools




All times are GMT. The time now is 10:03 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org