https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c0 Summary: The gnome keyring socket is not owned with the same credentials as the user login Classification: openSUSE Product: openSUSE 12.2 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: mvyskocil@suse.com QAContact: qa-bugs@suse.de CC: vuntz@suse.com, vcizek@suse.com Found By: Development Blocker: --- Created an attachment (id=484752) --> (http://bugzilla.novell.com/attachment.cgi?id=484752) copy the credential checking code from git.gnome.org Running command via sudo fills my log errors as appears in $SUBJECT $ sudo ls Password: xxxx and then log contains following Apr 4 10:20:01 zelva sudo: The gnome keyring socket is not owned with the same credentials as the user login: /run/user/mvyskocil/keyring-5MIqXs/control Apr 4 10:20:01 zelva sudo: gkr-pam: couldn't unlock the login keyring. Apr 4 10:20:01 zelva sudo: mvyskocil : TTY=pts/5 ; PWD=/home/mvyskocil ; USER=root ; COMMAND=/usr/bin/ls Apr 4 10:20:01 zelva systemd[1]: Got D-Bus request: org.freedesktop.DBus.NameOwnerChanged() on /org/freedesktop/DBus However that's not true $ echo $GNOME_KEYRING_CONTROL /run/user/mvyskocil/keyring-5MIqXs $ ls -n $GNOME_KEYRING_CONTROL/* srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/control srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/gpg srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/pkcs11 srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/ssh $ id uid=10112(mvyskocil) gid=100(users) groups=100(users),10(wheel),33(video),41(xok),113(vboxusers),404(lighttpd),1194(vpn) $ id -u 10112 $ id -ru 10112 so the 10112 is my *real* id and keyring sockets are really owned by this id. $ cat /proc/$GNOME_KEYRING_PID/loginuid 10112 and even the process runs with the same uid, so there is really **no** surprise in my configuration. I did a bit more and copy the part of gnome-keyring-daemon, however even getsockopt returns the id 10112, like getuid does. $ ./creds uid=10112, geteuid()=10112 I would say the best way to debug would be patch gnome-keyring-daemon and print the values of uid and getuid on error, but I haven't a time to do that yet. BTW: as google returns most of suse related things for $SUBJ, I suspect some misconfiguration in our pam stack. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.