Date:      Mon, 12 Jun 2023 21:30:19 +0200
From:      Steffen Nurpmeso <steffen@sdaoden.eu>
To:        Jan Beich <jbeich@FreeBSD.org>
Cc:        Graham Perrin <grahamperrin@freebsd.org>, FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject:   Re: Directory 1002/ missing from /var/run/user/
Message-ID:  <20230612193019.0159g%steffen@sdaoden.eu>
In-Reply-To: <cz20-keb1-wny@FreeBSD.org>
References:  <b56e962e-014e-f0ba-e378-c622fee7a674@freebsd.org> <cz20-keb1-wny@FreeBSD.org>

Jan Beich wrote in
 <cz20-keb1-wny@FreeBSD.org>:
 |Graham Perrin <grahamperrin@freebsd.org> writes:
 |
 |> What normally takes care of creation of the numbered directories?
 |
 |/var/run/user/ (or /run/user/ on Linux with systemd) is a common prefix

It seems to me the latter is just a more modern variant, which
slowly enters non-systemd systems like AlpineLinux (and CRUX Linux
fwiw) including a (likely temporary) symbolic link

  lrwxrwxrwx    1 root     root  4 May 11 17:59 /var/run -> /run/

 |for XDG_RUNTIME_DIR, a standardized place for user-owned unix(4) sockets.
 |Fallbacks are either app-specific or shared (e.g., CVE-2020-25697).
 |
 |/var/run/user/<UID> is managed by sysutils/consolekit2 or sysutils/pam_xdg.
 |In consolekit2 case the directory is created (contents destroyed if
 |already exists) on the first session of the specific UID either via
 |C API, DBus API, ck-launch-session(1) or pam_ck_connector(8) and removed
 |when the last session terminates. In pam_xdg case the directory is
 |created but not removed unless track_sessions is set.

 |> A few hours ago, it was unexpectedly missing:
 |
 |Probably auto-removed by consolekit2 either due to logout or dbus restart.
 |
 |> I recreated the directory.
 |
 |Can be automated via PAM e.g.,
 |
 |  # pkg install consolekit2
 |  # echo "session optional pam_ck_connector.so nox11" >>/etc/pam.d/system
 |  # service dbus onestart
 |  $ exit # log out on VT console to re-trigger PAM
 |
 |or
 |
 |  # pkg install pam_xdg
 |  # echo "session optional pam_xdg.so notroot runtime" >>/etc/pam.d/system
 |  $ exit # log out on VT console to re-trigger PAM

The reason for the explicit "track_sessions" is mentioned in the manual

  CAVEATS
     On Unix systems any “daemonized” program or script is reparented to the
     program running with PID 1, most likely leaving the PAM user session
     without PAM recognizing this.  Yet careless such code may hold or expect
     availability of resources of the session it just left, truly performing
     cleanup when sessions end seems thus unwise.  Since so many PAM modules
     do support session tracking and cleanup pam_xdg.so readded optional
     support for this.

I reiterate (from freebsd-hackers or -devel from some time ago)
that it is a problem of PAM "session"s that they are not,
actually, sessions.  login and such should be extended to make use
of the "reaper" feature so that sessions are safe to use.
Unfortunately in the Linux world they all throw anything onto
systemd, like you say, instead of iterating the other tools.

Like written the "XDG Base Directory Specification" desires the
impossible for XDG_RUNTIME_DIR (except for systemd of the
Poettering who took part in the 2010 v0.7 of that standard).

 --End of <cz20-keb1-wny@FreeBSD.org>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|~~
|..and in spring, hear David Leonard sing..
|
|The black bear,          The black bear,
|blithely holds his own   holds himself at leisure
|beating it, up and down  tossing over his ups and downs with pleasure
|~~
|Farewell, dear collar bear
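The requirements Jan Beich's reply and the pam_xdg caveat turn on (a per-user runtime directory that is owned by the user, mode 0700, not a symlink, and never a shared fallback path), as an added example that is not part of this thread nor code from pam_xdg or consolekit2: a POSIX sh check that accepts /var/run/user/<UID> only when it meets them and otherwise creates a private directory rather than reusing a predictable shared location. The /var/run/user/$uid default and the mktemp fallback under ${TMPDIR:-/tmp} are assumptions.

```shell
#!/bin/sh
# Added example, not from pam_xdg/consolekit2: validate a candidate
# XDG_RUNTIME_DIR and fall back safely when it is missing or unsafe.

# Print "uid mode" for a path: GNU stat (Linux) first, then BSD stat (FreeBSD).
owner_and_mode() {
    stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %OLp' "$1"
}

# runtime_dir_ok DIR UID -> 0 if DIR is safe to use as XDG_RUNTIME_DIR for UID
runtime_dir_ok() {
    dir=$1 want_uid=$2
    [ -d "$dir" ] || return 1          # must exist and be a directory
    [ -L "$dir" ] && return 1          # a symlink could point into a shared tree
    set -- $(owner_and_mode "$dir")
    [ "$1" = "$want_uid" ] || return 1 # owned by the user, nobody else
    [ "$2" = "700" ] || return 1       # exactly 0700: no group/other access, no setuid/sticky bits
    return 0
}

# resolve_runtime_dir [UID]: print a usable runtime dir. Uses $XDG_RUNTIME_DIR
# or /var/run/user/UID (assumed default) when it passes the check; otherwise
# creates a fresh private directory instead of a fixed shared path.
resolve_runtime_dir() {
    uid=${1:-$(id -u)}
    candidate=${XDG_RUNTIME_DIR:-/var/run/user/$uid}
    if runtime_dir_ok "$candidate" "$uid"; then
        printf '%s\n' "$candidate"
        return 0
    fi
    # mktemp -d creates the directory atomically with mode 0700 and an
    # unpredictable name, so another local user cannot pre-create it.
    fallback=$(mktemp -d "${TMPDIR:-/tmp}/xdg-runtime-$uid.XXXXXX") || return 1
    printf '%s\n' "$fallback"
}
```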
