Date: Mon, 12 Jun 2023 21:30:19 +0200
From: Steffen Nurpmeso
To: Jan Beich
Cc: Graham Perrin, FreeBSD CURRENT
Subject: Re: Directory 1002/ missing from /var/run/user/
Message-ID: <20230612193019.0159g%steffen@sdaoden.eu>
User-Agent: s-nail v14.9.24-479-g07982e6ca2
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

Jan Beich wrote in :
|Graham Perrin writes:
|
|> What normally takes care of creation of the numbered directories?
|
|/var/run/user/ (or /run/user/ on Linux with systemd) is a common prefix

It seems to me the latter is just a more modern variant, which slowly
enters non-systemd systems like AlpineLinux (and CRUX Linux fwiw),
including a (likely temporary) symbolic link

  lrwxrwxrwx 1 root root 4 May 11 17:59 /var/run -> /run/

|for XDG_RUNTIME_DIR, a standardized place for user-owned unix(4) sockets.
|Fallbacks are either app-specific or shared (e.g., CVE-2020-25697).
|
|/var/run/user/ is managed by sysutils/consolekit2 or sysutils/pam_xdg.
|In consolekit2 case the directory is created (contents destroyed if
|already exists) on the first session of the specific UID either via
|C API, DBus API, ck-launch-session(1) or pam_ck_connector(8) and removed
|when the last session terminates. In pam_xdg case the directory is
|created but not removed unless track_sessions is set.
|
|> A few hours ago, it was unexpectedly missing:
|
|Probably auto-removed by consolekit2 either due to logout or dbus restart.
|
|> I recreated the directory.
|
|Can be automated via PAM e.g.,
|
| # pkg install consolekit2
| # echo "session optional pam_ck_connector.so nox11" >>/etc/pam.d/system
| # service dbus onestart
| $ exit # log out on VT console to re-trigger PAM
|
|or
|
| # pkg install pam_xdg
| # echo "session optional pam_xdg.so notroot runtime" >>/etc/pam.d/system
| $ exit # log out on VT console to re-trigger PAM

The reason for the explicit "track_sessions" is mentioned in the manual

  CAVEATS
     On Unix systems any “daemonized” program or script is reparented to
     the program running with PID 1, most likely leaving the PAM user
     session without PAM recognizing this. Yet careless such code may hold
     or expect availability of resources of the session it just left,
     truly performing cleanup when sessions end seems thus unwise. Since
     so many PAM modules do support session tracking and cleanup
     pam_xdg.so readded optional support for this.

I reiterate (from freebsd-hackers or -devel from some time ago) that it
is a problem of PAM "session"s that they are not, actually, sessions.
login and such should be extended to make use of the "reaper" feature so
that sessions are safe to use.
Unfortunately in the Linux world they all throw anything onto systemd,
like you say, instead of iterating the other tools.
Like written, the "XDG Base Directory Specification" desires the
impossible for XDG_RUNTIME_DIR (except for systemd of the Poettering who
took part in the 2010 v0.7 of that standard).

--End of

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|~~
|..and in spring, hear David Leonard sing..
|
|The black bear,                The black bear,
|blithely holds his own         holds himself at leisure
|beating it, up and down        tossing over his ups and downs with pleasure
|~~
|Farewell, dear collar bear
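The thread turns on two things: the per-UID directory under /var/run/user/ can disappear while a session is still using it, and an application that then falls back to a shared, predictable path is exactly the class of problem behind CVE-2020-25697. The XDG Base Directory Specification requires XDG_RUNTIME_DIR to be a directory owned by the user with mode 0700. The following is an added example, not code from this thread, from pam_xdg or from consolekit2: it validates a candidate runtime directory against those requirements and, when the check fails, creates a fresh private directory instead of using a shared fallback. All function names and the temp-directory fixture in demo() are hypothetical.

```python
import os
import stat
import tempfile

def runtime_dir_ok(path, uid):
    """Check a candidate XDG_RUNTIME_DIR the way the Base Directory spec
    demands: an actual directory (not a symlink), owned by uid, mode 0700.
    Returns (ok, reason)."""
    try:
        st = os.lstat(path)  # lstat so that a symlink is seen, not followed
    except FileNotFoundError:
        return False, "missing"
    if stat.S_ISLNK(st.st_mode):
        return False, "symlink"
    if not stat.S_ISDIR(st.st_mode):
        return False, "not a directory"
    if st.st_uid != uid:
        return False, "wrong owner"
    if stat.S_IMODE(st.st_mode) != 0o700:
        return False, "mode is %o, want 700" % stat.S_IMODE(st.st_mode)
    return True, "ok"

def pick_runtime_dir(env, uid, fallback_parent=None):
    """Use $XDG_RUNTIME_DIR only if it passes runtime_dir_ok(); otherwise make
    a fresh private directory (mkdtemp: mode 0700, unpredictable name) instead
    of falling back to a shared, guessable path."""
    candidate = env.get("XDG_RUNTIME_DIR")
    if candidate and runtime_dir_ok(candidate, uid)[0]:
        return candidate
    return tempfile.mkdtemp(prefix="runtime-%d-" % uid, dir=fallback_parent)

def demo():
    """Constructed fixture (hypothetical paths under a temp dir): a correct
    per-user dir, a world-readable one and a symlink, checked for our uid."""
    uid = os.getuid()
    base = tempfile.mkdtemp(prefix="xdg-demo-")
    good, loose, link = (os.path.join(base, n) for n in ("good", "loose", "link"))
    os.mkdir(good)
    os.chmod(good, 0o700)   # what pam_xdg/consolekit2 would have created
    os.mkdir(loose)
    os.chmod(loose, 0o755)  # readable by everyone: must be rejected
    os.symlink(good, link)  # a symlink in place of the dir: must be rejected
    chosen = pick_runtime_dir({"XDG_RUNTIME_DIR": loose}, uid, fallback_parent=base)
    return {
        "good": runtime_dir_ok(good, uid),
        "loose": runtime_dir_ok(loose, uid),
        "link": runtime_dir_ok(link, uid),
        "chosen_is_private": chosen != loose and runtime_dir_ok(chosen, uid)[0],
    }
```

Run demo() to see the verdicts; a program that adopted the same check would notice the directory vanishing mid-session rather than silently continuing with stale or shared resources.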