I have the same problem: logging in as a user with NFS home directory fails
permissions on users home directories: rwx------ (default as created by useradd)
NFS (v3) filesystem is not exported with root permission for client machine (i.e. no 'no_root_squash' option)
User enters username and password on login screen and then screen goes black and login window reappears.
Giving root access on the users home directory allows logins to work:
chmod o+x <user home directory>
or if ACLs enabled for the filesystem:
setfacl -m user:65534:x <user home directory>
without changes /var/log/lightdm/lightdm.log shows:
[+16.20s] WARNING: Failed to change to home directory /npdisks/home/jb: Permission denied
relevant lines in lightdm.log:
[+15.91s] DEBUG: Authenticate result for user jb: Success
[+15.91s] DEBUG: User jb authorized
[+15.91s] DEBUG: Wrote 24 bytes to greeter
[+15.95s] DEBUG: Read 8 bytes from greeter
[+15.95s] DEBUG: Read 10 bytes from greeter
[+15.95s] DEBUG: Greeter requests session ubuntu
[+15.95s] DEBUG: Stopping greeter
[+15.95s] DEBUG: Dropping privileges to uid 106
[+15.95s] DEBUG: Removing session authority from /var/lib/lightdm/.Xauthority
[+15.99s] DEBUG: Restoring privileges
[+15.99s] DEBUG: Sending signal 15 to process 7053
[+16.00s] DEBUG: Process 7053 exited with return value 0
[+16.00s] DEBUG: pam_close_session(0xc5a840) -> 0 (Success)
[+16.00s] DEBUG: pam_setcred(0xc5a840, PAM_DELETE_CRED) -> 0 (Success)
[+16.00s] DEBUG: pam_end(0xc5a840) -> 0
[+16.00s] DEBUG: Ending ConsoleKit session 137061b491bb03a23bfe54c90000029c-1319111371.735096-2139365219
[+16.09s] DEBUG: Greeter quit
[+16.09s] DEBUG: Starting user session
[+16.11s] DEBUG: Dropping privileges to uid 6057
[+16.11s] DEBUG: Writing /npdisks/home/jb/.dmrc
[+16.11s] DEBUG: Restoring privileges
[+16.15s] DEBUG: Starting session ubuntu as user logging to /npdisks/home/jb/.xsession-errors
[+16.15s] DEBUG: Launching session
[+16.15s] DEBUG: pam_set_item(0xc6a9f0, 3, ":0") -> 0 (Success)
[+16.16s] DEBUG: pam_open_session(0xc6a9f0, 0) -> 0 (Success)
[+16.19s] DEBUG: Opened ConsoleKit session 137061b491bb03a23bfe54c90000029c-1319111387.433106-1241632904
[+16.19s] DEBUG: Dropping privileges to uid 6057
[+16.19s] DEBUG: Adding session authority to /npdisks/home/jb/.Xauthority
[+16.20s] DEBUG: Restoring privileges
[+16.20s] DEBUG: Launching process 7148: /usr/sbin/lightdm-session 'gnome-session --session=ubuntu'
[+16.20s] WARNING: Failed to change to home directory /npdisks/home/jb: Permission denied
[+16.20s] DEBUG: Registering session with bus path /org/freedesktop/DisplayManager/Session0
[+16.20s] DEBUG: Process 7148 exited with return value 1
[+16.21s] DEBUG: pam_close_session(0xc6a9f0) -> 0 (Success)
[+16.21s] DEBUG: pam_setcred(0xc6a9f0, PAM_DELETE_CRED) -> 0 (Success)
[+16.21s] DEBUG: pam_end(0xc6a9f0) -> 0
[+16.21s] DEBUG: Ending ConsoleKit session 137061b491bb03a23bfe54c90000029c-1319111387.433106-1241632904
[+16.24s] DEBUG: User session quit
having a brief look at the source for lightdm, src/session.c :
/* Change working directory */
if (chdir (user_get_home_directory (user)) != 0)
{
g_warning ("Failed to change to home directory %s: %s", user_get_home_directory (user), strerror (errno));
_exit (EXIT_FAILURE);
}
/* Change to this user */
if (getuid () == 0)
{
if (initgroups (user_get_name (user), user_get_gid (user)) < 0)
{ g_warning ("Failed to initialize supplementary groups for %s: %s", user_get_name (user), strerror (errno));
_exit (EXIT_FAILURE);
}
if (setgid (user_get_gid (user)) != 0)
{ g_warning ("Failed to set group ID to %d: %s", user_get_gid (user), strerror (errno));
_exit (EXIT_FAILURE);
}
if (setuid (user_get_uid (user)) != 0)
{ g_warning ("Failed to set user ID to %d: %s", user_get_uid (user), strerror (errno));
_exit (EXIT_FAILURE);
}
}
I think it should be a simple case of moving the section:
/* Change working directory */
if (chdir (user_get_home_directory (user)) != 0)
{
g_warning ("Failed to change to home directory %s: %s", user_get_home_directory (user), strerror (errno));
_exit (EXIT_FAILURE);
}
to after the /* Change to this user */ section.
i.e.:
.
.
if (setuid (user_get_uid (user)) != 0)
{ g_warning ("Failed to set user ID to %d: %s", user_get_uid (user), strerror (errno));
_exit (EXIT_FAILURE);
}
}
/* Change working directory */
if (chdir (user_get_home_directory (user)) != 0)
{
g_warning ("Failed to change to home directory %s: %s", user_get_home_directory (user), strerror (errno));
_exit (EXIT_FAILURE);
}
I have the same problem: logging in as a user with NFS home directory fails
permissions on users home directories: rwx------ (default as created by useradd)
NFS (v3) filesystem is not exported with root permission for client machine (i.e. no 'no_root_squash' option)
User enters username and password on login screen and then screen goes black and login window reappears.
Giving root access on the users home directory allows logins to work:
chmod o+x <user home directory>
or if ACLs enabled for the filesystem:
setfacl -m user:65534:x <user home directory>
without changes /var/log/ lightdm/ lightdm. log shows:
[+16.20s] WARNING: Failed to change to home directory /npdisks/home/jb: Permission denied
relevant lines in lightdm.log: lightdm/ .Xauthority session( 0xc5a840) -> 0 (Success) 0xc5a840, PAM_DELETE_CRED) -> 0 (Success) 23bfe54c9000002 9c-1319111371. 735096- 2139365219 home/jb/ .dmrc home/jb/ .xsession- errors item(0xc6a9f0, 3, ":0") -> 0 (Success) session( 0xc6a9f0, 0) -> 0 (Success) 23bfe54c9000002 9c-1319111387. 433106- 1241632904 home/jb/ .Xauthority lightdm- session 'gnome-session --session=ubuntu' p/DisplayManage r/Session0 session( 0xc6a9f0) -> 0 (Success) 0xc6a9f0, PAM_DELETE_CRED) -> 0 (Success) 23bfe54c9000002 9c-1319111387. 433106- 1241632904
[+15.91s] DEBUG: Authenticate result for user jb: Success
[+15.91s] DEBUG: User jb authorized
[+15.91s] DEBUG: Wrote 24 bytes to greeter
[+15.95s] DEBUG: Read 8 bytes from greeter
[+15.95s] DEBUG: Read 10 bytes from greeter
[+15.95s] DEBUG: Greeter requests session ubuntu
[+15.95s] DEBUG: Stopping greeter
[+15.95s] DEBUG: Dropping privileges to uid 106
[+15.95s] DEBUG: Removing session authority from /var/lib/
[+15.99s] DEBUG: Restoring privileges
[+15.99s] DEBUG: Sending signal 15 to process 7053
[+16.00s] DEBUG: Process 7053 exited with return value 0
[+16.00s] DEBUG: pam_close_
[+16.00s] DEBUG: pam_setcred(
[+16.00s] DEBUG: pam_end(0xc5a840) -> 0
[+16.00s] DEBUG: Ending ConsoleKit session 137061b491bb03a
[+16.09s] DEBUG: Greeter quit
[+16.09s] DEBUG: Starting user session
[+16.11s] DEBUG: Dropping privileges to uid 6057
[+16.11s] DEBUG: Writing /npdisks/
[+16.11s] DEBUG: Restoring privileges
[+16.15s] DEBUG: Starting session ubuntu as user logging to /npdisks/
[+16.15s] DEBUG: Launching session
[+16.15s] DEBUG: pam_set_
[+16.16s] DEBUG: pam_open_
[+16.19s] DEBUG: Opened ConsoleKit session 137061b491bb03a
[+16.19s] DEBUG: Dropping privileges to uid 6057
[+16.19s] DEBUG: Adding session authority to /npdisks/
[+16.20s] DEBUG: Restoring privileges
[+16.20s] DEBUG: Launching process 7148: /usr/sbin/
[+16.20s] WARNING: Failed to change to home directory /npdisks/home/jb: Permission denied
[+16.20s] DEBUG: Registering session with bus path /org/freedeskto
[+16.20s] DEBUG: Process 7148 exited with return value 1
[+16.21s] DEBUG: pam_close_
[+16.21s] DEBUG: pam_setcred(
[+16.21s] DEBUG: pam_end(0xc6a9f0) -> 0
[+16.21s] DEBUG: Ending ConsoleKit session 137061b491bb03a
[+16.24s] DEBUG: User session quit
having a brief look at the source for lightdm, src/session.c :
/* Change working directory */ home_directory (user)) != 0) home_directory (user), strerror (errno));
if (chdir (user_get_
{
g_warning ("Failed to change to home directory %s: %s", user_get_
_exit (EXIT_FAILURE);
}
/* Change to this user */
g_ warning ("Failed to initialize supplementary groups for %s: %s", user_get_name (user), strerror (errno));
if (getuid () == 0)
{
if (initgroups (user_get_name (user), user_get_gid (user)) < 0)
{
_exit (EXIT_FAILURE);
}
if (setgid (user_get_gid (user)) != 0)
g_ warning ("Failed to set group ID to %d: %s", user_get_gid (user), strerror (errno));
{
_exit (EXIT_FAILURE);
}
if (setuid (user_get_uid (user)) != 0)
g_ warning ("Failed to set user ID to %d: %s", user_get_uid (user), strerror (errno));
{
_exit (EXIT_FAILURE);
}
}
I think it should be a simple case of moving the section:
/* Change working directory */ home_directory (user)) != 0) home_directory (user), strerror (errno));
if (chdir (user_get_
{
g_warning ("Failed to change to home directory %s: %s", user_get_
_exit (EXIT_FAILURE);
}
to after the /* Change to this user */ section.
i.e.:
.
g_ warning ("Failed to set user ID to %d: %s", user_get_uid (user), strerror (errno));
.
if (setuid (user_get_uid (user)) != 0)
{
_exit (EXIT_FAILURE);
}
}
/* Change working directory */ home_directory (user)) != 0) home_directory (user), strerror (errno));
if (chdir (user_get_
{
g_warning ("Failed to change to home directory %s: %s", user_get_
_exit (EXIT_FAILURE);
}