[Bug 1762391] Re: pam_group.so is not evaluated by gnome-terminal

Tue Dec 18 08:36:56 UTC 2018

According to my tests GDM works as expected - checking groups the user
belongs to on different terminal emulators (e.g. xterm) proves that the
/etc/security/group.conf groups are correctly applied.

The problem in this case affects gnome-terminal alone (and the problem
is present also if using e.g. LightDM instead of GDM).

This is related to the way gnome-terminal-server is started via DBus and
executed under systemd --user. It is started under the systemd-user PAM
service, so pam_group entry should be added to /etc/pam.d/systemd-user.
The problem is systemd will never apply pam_group settings because it
does not call pam_setcred.

The issue is reported to systemd along with a PR fixing it:
https://github.com/systemd/systemd/issues/11198

** Bug watch added: github.com/systemd/systemd/issues #11198
   https://github.com/systemd/systemd/issues/11198

** Also affects: gnome-terminal via
   https://github.com/systemd/systemd/issues/11198
   Importance: Unknown
       Status: Unknown

** Project changed: gnome-terminal => systemd

** Changed in: gnome-terminal (Ubuntu)
       Status: Confirmed => Invalid

** Also affects: systemd (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1762391

Title:
  pam_group.so is not evaluated by gnome-terminal

Status in systemd:
  Unknown
Status in gnome-terminal package in Ubuntu:
  Invalid
Status in systemd package in Ubuntu:
  New

Bug description:
  We are using Ubuntu in a university network with lots of ldap users.
  To automatically map ldap users/groups to local groups we are using
  pam_group.so. This has worked for years.

  With the upgrade from Xenial to Bionic /etc/security/group.conf is not
  evaluated anymore by gnome-terminal as it runs as systemd --user.
  Xterm, ssh, su, and tty* however do work as expected. Only the default
  gnome-terminal behaves different.

  According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243
  and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this
  might not be a bug, but a feature.

  Nevertheless this behavior is very unexpected when upgrading from
  Xenial to Bionic and therefore should at least added to the changelog.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: gnome-terminal 3.28.0-1ubuntu1
  ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3
  Uname: Linux 4.15.0-10-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.9-0ubuntu4
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Apr  9 13:17:52 2018
  InstallationDate: Installed on 2018-03-29 (11 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321)
  SourcePackage: gnome-terminal
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1762391/+subscriptions