[Bug 1885948] Re: systemd 229 / dbus 1.10.6-1ubuntu3.5 (16.04) and systemd 237 / dbus 1.12.2-1ubuntu1.1 (18.04) error with "Failed to get properties: Access denied" when ran as non-root user

Zahid Bukhari 1885948 at bugs.launchpad.net
Thu Jul 2 18:30:01 UTC 2020 

In my testing, using rootbinddn and separating LDAP info and LDAP creds
to separate files with ldap.conf as 444 and ldap.secret as 400 didn't
work for dbus.

I did change the group to messagebus and that worked.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1885948

Title:
  systemd 229 / dbus 1.10.6-1ubuntu3.5 (16.04) and systemd 237 / dbus
  1.12.2-1ubuntu1.1 (18.04) error with "Failed to get properties: Access
  denied" when ran as non-root user

Status in dbus package in Ubuntu:
  New

Bug description:
  I've seen this bug reported but almost always it is when being ran as
  root.  This however is only an issue when ran as a non-root user.

  The root user is fine.  I've come across this several times and
  although it's not a major issue, the only solution I've found is to
  reboot the system.

  I see this when running strace, tracing the network.

  We recently installed docker-ce and updated our version of salt from
  2016.8.3 using python 2 to 2019.2.4 using python 3.

  ### 16.04 - systemd 229 on d1lmonitoringdev1 ###

  ## non-root user ##

  $ strace -f -s 16384 -e trace=network systemctl status ntp
  socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
  getsockopt(3, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
  setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation not permitted)
  setsockopt(3, SOL_SOCKET, SO_RCVBUF, [8388608], 4) = 0
  getsockopt(3, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
  setsockopt(3, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = -1 EPERM (Operation not permitted)
  setsockopt(3, SOL_SOCKET, SO_SNDBUF, [8388608], 4) = 0
  connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/dbus/system_bus_socket"}, 33) = 0
  getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
  getsockopt(3, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
  getsockname(3, {sa_family=AF_LOCAL, NULL}, [2]) = 0
  sendmsg(3, {msg_name(0)=NULL, msg_iov(3)=[{"\0AUTH EXTERNAL ", 15}, {"3130313631", 10}, {"\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 28}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 53
  recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"REJECTED EXTERNAL DBUS_COOKIE_SHA1 ANONYMOUS\r\nERROR \"Need to authenticate first\"\r\n", 256}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 82
  strace: Process 29413 attached
  [pid 29413] --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=29412, si_uid=10161} ---
  Failed to get properties: Access denied
  [pid 29413] +++ exited with 0 +++
  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29413, si_uid=10161, si_status=0, si_utime=0, si_stime=0} ---
  +++ exited with 1 +++

  ## root user ##

  # Truncated because as root it works.
  $ sudo strace -f -s 16384 -e trace=network systemctl status ntp
  [sudo] password for zbukhari:
  socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
  getsockopt(3, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
  setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = 0
  getsockopt(3, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
  setsockopt(3, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = 0
  connect(3, {sa_family=AF_LOCAL, sun_path="/run/systemd/private"}, 22) = 0
  getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
  getsockopt(3, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
  getsockname(3, {sa_family=AF_LOCAL, NULL}, [2]) = 0
  sendmsg(3, {msg_name(0)=NULL, msg_iov(3)=[{"\0AUTH EXTERNAL ", 15}, {"30", 2}, {"\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 28}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 45
  getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
  recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"OK 3139491ef18e4f4c84fae863d4dd042f\r\nAGREE_UNIX_FD\r\n", 256}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 52
  sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\4\1\5\0\0\0\1\0\0\0\237\0\0\0\1\1o\0,\0\0\0/org/freedesktop/systemd1/unit/ntp_2eservice\0\0\0\0\3\1s\0\6\0\0\
  0GetAll\0\0\2\1s\0\37\0\0\0org.freedesktop.DBus.Properties\0\6\1s\0\30\0\0\0org.freedesktop.systemd1\0\0\0\0\0\0\0\0\10\1g\0\1s\0\0", 176}, {"\0\0\0\0\0", 5}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 181
  recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\2\1\1\35 \0\0\1\0\0\0\23\0\0\0\5\1u\0\1\0\0\0", 24}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24

  ### 18.04 - systemd 237 on d1lzbbyodev1 ###

  ## non-root user ##
  $ strace -f -s 16384 -e trace=%network systemctl  status ntp
  socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
  getsockopt(3, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
  setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation not permitted)
  setsockopt(3, SOL_SOCKET, SO_RCVBUF, [8388608], 4) = 0
  getsockopt(3, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
  setsockopt(3, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = -1 EPERM (Operation not permitted)
  setsockopt(3, SOL_SOCKET, SO_SNDBUF, [8388608], 4) = 0
  connect(3, {sa_family=AF_UNIX, sun_path="/run/dbus/system_bus_socket"}, 29) = 0
  getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
  getsockopt(3, SOL_SOCKET, SO_PEERSEC, 0x56338b39b450, [64]) = -1 ENOPROTOOPT (Protocol not available)
  getsockopt(3, SOL_SOCKET, SO_PEERGROUPS, "", [256->0]) = 0
  getsockopt(3, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
  getsockname(3, {sa_family=AF_UNIX}, [128->2]) = 0
  sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0AUTH EXTERNAL ", iov_len=15}, {iov_base="3130313631", iov_len=10}, {iov_base="\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", iov_len=28}], msg_iovlen=3, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 53
  strace: Process 22703 attached
  [pid 22702] recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="REJECTED EXTERNAL\r\nERROR \"Need to authenticate first\"\r\n", iov_len=256}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 55
  [pid 22703] --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=22702, si_uid=10161} ---
  Failed to get properties: Access denied
  [pid 22703] +++ exited with 0 +++
  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22703, si_uid=10161, si_status=0, si_utime=0, si_stime=0} ---
  +++ exited with 1 +++

  ## root user ##

  # truncated because as root it works.
  $ sudo strace -f -s 16384 -e trace=%network systemctl  status ntp
  socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
  getsockopt(3, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
  setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = 0
  getsockopt(3, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
  setsockopt(3, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = 0
  connect(3, {sa_family=AF_UNIX, sun_path="/run/systemd/private"}, 22) = 0
  getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
  getsockopt(3, SOL_SOCKET, SO_PEERSEC, 0x557f1d186450, [64]) = -1 ENOPROTOOPT (Protocol not available)
  getsockopt(3, SOL_SOCKET, SO_PEERGROUPS, "", [256->0]) = 0
  getsockopt(3, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
  getsockname(3, {sa_family=AF_UNIX}, [128->2]) = 0
  sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0AUTH EXTERNAL ", iov_len=15}, {iov_base="30", iov_len=2}, {iov_base="\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", iov_len=28}], msg_iovlen=3, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 45
  getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
  strace: Process 22999 attached
  [pid 22998] recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="OK fd99f58716884af9a7c053f7d08a1db0\r\nAGREE_UNIX_FD\r\n", iov_len=256}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 52
  [pid 22998] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\1\4\1\5\0\0\0\1\0\0\0\237\0\0\0\1\1o\0,\0\0\0/org/freedesktop/systemd1/unit/ntp_2eservice\0\0\0\0\3\1s\0\6\0\0\0GetAll\0\0\2\1s\0\37\0\0\0org.freedesktop.DBus.Properties\0\6\1s\0\30\0\0\0org.freedesktop.systemd1\0\0\0\0\0\0\0\0\10\1g\0\1s\0\0", iov_len=176}, {iov_base="\0\0\0\0\0", iov_len=5}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 181
  [pid 22998] recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\2\1\1Q(\0\0\1\0\0\0;\0\0\0\5\1u\0\1\0\0\0", iov_len=24}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1885948/+subscriptions

More information about the foundations-bugs mailing list