Bug 21959

Summary: dbus access from root user after remote login fails
Product: Mageia Reporter: Frank Griffin <ftg>
Component: RPM PackagesAssignee: Thomas Backlund <tmb>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: marja11, pernel
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:

Description Frank Griffin 2017-10-28 17:26:24 CEST 
A variation on bug#13834, which is getting long and confusing as well as old.

From an ssh session:

[ftg@ftglap2 ~]$ ssh ftgme2
Password: 
Last login: Fri Oct 27 14:50:02 2017 from 192.168.3.105
[ftg@ftgme2 ~]$ mcc
Too late to run INIT block at /usr/lib/perl5/vendor_perl/5.26.1/x86_64-linux-thread-multi/Glib/Object/Introspection.pm line 257.
Error executing command as another user: Not authorized

This incident has been reported.
[ftg@ftgme2 ~]$ su -l 
Password: 
[root@ftgme2 ~]# mcc
Too late to run INIT block at /usr/lib/perl5/vendor_perl/5.26.1/x86_64-linux-thread-multi/Glib/Object/Introspection.pm line 257.
WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-dvzr47Lvt2: Connection refused at /usr/lib/perl5/vendor_perl/5.26.0/Gtk3.pm line 557.
Ignore the following Glib::Object::Introspection & Gtk3 warnings
WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-dvzr47Lvt2: Connection refused at /usr/lib/perl5/vendor_perl/5.26.0/Gtk3.pm line 557.
Subroutine Gtk3::main redefined at /usr/lib/perl5/vendor_perl/5.26.0/Gtk3.pm line 525.

** (WebKitWebProcess:13431): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-dvzr47Lvt2: Connection refused
[root@ftgme2 ~]# 

(but the second execution above as root works and the gui opens)

When I went to test mcc from a local terminal window as a non-root user and as root, it all worked.  However, when I did the same thing two days ago, running as root gave me a curses version of both mcc and diskdrake.  I can't reproduce that now, but it has behaved the same way in the past, off and on.

[root@ftgme2 ~]# loginctl
   SESSION        UID USER             SEAT            
        c2        501 ftg              seat0           
       c17        501 ftg                              

2 sessions listed.
[root@ftgme2 ~]# loginctl show-session c17
Id=c17
User=501
Name=ftg
Timestamp=Sat 2017-10-28 11:08:02 EDT
TimestampMonotonic=172524328767
VTNr=0
Remote=yes
RemoteHost=192.168.3.105
Service=sshd
Scope=session-c17.scope
Leader=12465
Audit=0
Type=tty
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no
[root@ftgme2 ~]# exit
logout
[ftg@ftgme2 ~]$ loginctl
   SESSION        UID USER             SEAT            
        c2        501 ftg              seat0           
       c17        501 ftg                              

2 sessions listed.
[ftg@ftgme2 ~]$ loginctl show-session c17
Id=c17
User=501
Name=ftg
Timestamp=Sat 2017-10-28 11:08:02 EDT
TimestampMonotonic=172524328767
VTNr=0
Remote=yes
RemoteHost=192.168.3.105
Service=sshd
Scope=session-c17.scope
Leader=12465
Audit=0
Type=tty
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no
[root@ftgme2 ~]# exit
logout
[ftg@ftgme2 ~]$ loginctl
   SESSION        UID USER             SEAT            
        c2        501 ftg              seat0           
       c17        501 ftg                              

2 sessions listed.
[ftg@ftgme2 ~]$ loginctl show-session c17
Id=c17
User=501
Name=ftg
Timestamp=Sat 2017-10-28 11:08:02 EDT
TimestampMonotonic=172524328767
VTNr=0
Remote=yes
RemoteHost=192.168.3.105
Service=sshd
Scope=session-c17.scope
Leader=12465
Audit=0
Type=tty
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no
[root@ftgme2 ~]# exit
logout
[ftg@ftgme2 ~]$ loginctl
   SESSION        UID USER             SEAT            
        c2        501 ftg              seat0           
       c17        501 ftg                              

2 sessions listed.
[ftg@ftgme2 ~]$ loginctl show-session c17
Id=c17
User=501
Name=ftg
Timestamp=Sat 2017-10-28 11:08:02 EDT
TimestampMonotonic=172524328767
VTNr=0
Remote=yes
RemoteHost=192.168.3.105
Service=sshd
Scope=session-c17.scope
Leader=12465
Audit=0
Type=tty
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no
[root@ftgme2 ~]# exit
logout
[ftg@ftgme2 ~]$ loginctl
   SESSION        UID USER             SEAT            
        c2        501 ftg              seat0           
       c17        501 ftg                              

2 sessions listed.
[ftg@ftgme2 ~]$ loginctl show-session c17
Id=c17
User=501
Name=ftg
Timestamp=Sat 2017-10-28 11:08:02 EDT
TimestampMonotonic=172524328767
VTNr=0
Remote=yes
RemoteHost=192.168.3.105
Service=sshd
Scope=session-c17.scope
Leader=12465
Audit=0
Type=tty
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no
Comment 1 Marja Van Waes 2017-10-29 00:53:02 CEST 
It's too late for me to understand this bug. Is it a duplicate of bug 21920 ?

If so, that one can be set to Cauldron and "MGA6TOO" on the whiteboard, and this one closed.

CC: (none) => marja11

Comment 2 Frank Griffin 2017-10-29 01:16:52 CEST 
bug#21920 is similar, but that OP doesn't report the error messages I do (connection refused, unauthorized).  He just says nothing happens.
Comment 3 Marja Van Waes 2017-10-29 11:56:52 CET 
(In reply to Frank Griffin from comment #2)
> bug#21920 is similar, but that OP doesn't report the error messages I do
> (connection refused, unauthorized).  He just says nothing happens.

Ok.

I'll assign this report to our openssh maintainer, maybe he can shed some light :-)

Assignee: bugsquad => guillomovitch
Source RPM: (none) => openssh

Comment 4 Guillaume Rousse 2017-10-29 12:08:31 CET 
The dbus connection error suggest either than dbus is not running, or that it is running, but some kind of access control prevents you to access this. A local session initiated through a desktop manager is likely to have far more process running in the background than a remote one, which may explain the difference.

Anyway, such kind of issue would have a better eye coverage on the cauldron mailing list.
Comment 5 Per Nelvig 2017-11-01 20:20:49 CET 
Tested on new Mageia 6 installation. The original bug 13834 is still valid. In comment 1 in that bug report a solution was suggested that works also for Mageia 6

CC: (none) => pernel

Comment 6 Frank Griffin 2019-02-19 17:08:36 CET 
The original problem is still happening in current cauldron.
Guillaume Rousse 2019-02-19 19:03:36 CET

Summary: Running root commands from terminal window in ssh fails => dbus access from root user after remote login fails

Comment 7 Guillaume Rousse 2019-02-19 19:05:10 CET 
The problems comes from dbus service initialisation, not from ssh.

Source RPM: openssh => (none)

Guillaume Rousse 2019-02-20 22:28:17 CET

Assignee: guillomovitch => bugsquad

Comment 8 Frank Griffin 2020-01-18 05:19:48 CET 
Ping ?
Comment 9 Frank Griffin 2020-03-20 17:36:21 CET 
Assigning to dbus maintainer per comment#7

Assignee: bugsquad => tmb

Comment 10 Frank Griffin 2020-03-20 18:50:55 CET 
Still happening in current cauldron.  Current stdout/stderr is:

[root@ftgme2 ~]# mcc
Too late to run INIT block at /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 257.

(mcc:16210): dbind-WARNING **: 12:27:30.117: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-E0JEi0nQgR: Connection refused
Ignore the following Glib::Object::Introspection & Gtk3 warnings

(drakconf:16214): dbind-WARNING **: 12:27:30.676: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-E0JEi0nQgR: Connection refused
Subroutine Gtk3::main redefined at /usr/share/perl5/vendor_perl/Gtk3.pm line 539.
GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line 210.
GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line 210.
GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line 210.
GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line 210.
"cannot run /usr/sbin/isodumper" since it is not installed [Writing ISO] at /usr/libexec/drakconf line 833.
GLib-LOG **: posix_spawn avoided (fd close requested)  at /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 67.
GLib-LOG **: posix_spawn avoided (child_setup specified)  at /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 67.
GLib-LOG **: posix_spawn avoided (child_setup specified)  at /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 67.
Oops, secure memory pool already initialized
Oops, secure memory pool already initialized

(WebKitWebProcess:16242): dbind-WARNING **: 12:27:34.639: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-E0JEi0nQgR: Connection refused
[root@ftgme2 ~]# 

As before, mcc does open successfully.
Comment 11 Frank Griffin 2021-07-05 16:06:49 CEST 
No longer happening in current cauldron.

Status: NEW => RESOLVED
Resolution: (none) => FIXED