https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c Frederic Crozat changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|fcrozat@suse.com |systemd-maintainers@suse.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c2 Wolfgang Rosenauer changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|systemd --user keeps |user cannot be removed |running for logged out user |(yast or userdel) when he | |had a session before | |(because of systemd --user | |is still running with that | |uid) --- Comment #2 from Wolfgang Rosenauer 2013-11-22 09:30:16 UTC --- I don't really care if that process is running but did you notice the real life issue which is the result from it? User cannot be removed since it still is logged in. The process which still runs as that user is: systemd --user That means that I cannot remove a user from a system when he was logged in at any time before. I consider that a real bug which should be solved. I'm not sure if that needs a fix in systemd or somewhere else though. Please reassign appropriately if that cannot be fixed on systemd side. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c4 Dr. Werner Fink changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsuchome@suse.com AssignedTo|systemd-maintainers@suse.de |jsuchome@suse.com Severity|Major |Minor --- Comment #4 from Dr. Werner Fink 2013-11-22 10:13:23 UTC --- There is an option --force for userdel Without ---force the userdel its self it will not work even with the comamnd I've described placed in /usr/sbin/userdel-pre.local as for running user processes will be checked before any local post or pre will be called. Only YaST2 could run systemctl stop user@$(id -u testuser).service or similar before executing userdel with option --force but this may cause sometimes long timeouts. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c6 --- Comment #6 from Dr. Werner Fink 2013-11-22 11:16:21 UTC --- The last submit includes the lines # Stop systemd user jobs, even this requires --force id=$(id -u $1) systemctl stop user@${id}.service > /dev/null 2>&1 & in userdel-pre.local but as already explained this also requieres the usage of the option --force for userdel. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c8 Neil Rickert changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nrickert@ameritech.net --- Comment #8 from Neil Rickert 2013-11-24 19:06:59 UTC --- I see this as a systemd bug, with security implications. I use "ecryptfs" to mount a private directory. When I logout, the private directory remains mounted. On a work computer, I have ecryptfs setup so that my home directory is encrypted. I logged out before leaving work. From home, I checked. And the encrypted home directory was still mounted. The whole point of an encrypted home directory, is that it should only be visible when the user is logged in. When I tried: ecryptfs-umount-private the response was that the user is still logged in. Repeating that command a second time did unmount. The problem is not that there are processes running for the user. As best I can tell, the systemd user process has current directory "/" so does not require that the encrypted directory remain mounted. The problem is that logout by the user did not close the pam session, so the umount normally done at session end did not take place. I'm guessing that this is also a problem for loop-mounted encrypted container as an encrypted home directory. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c10 --- Comment #10 from Dr. Werner Fink 2013-11-25 11:09:30 UTC --- (In reply to comment #9) Found this in man 5 logind.conf KillUserProcesses= Takes a boolean argument. Configures whether the processes of a user should be killed when she or he completely logs out (i.e. after her/his last session ended). Defaults to "no". Note that setting KillUserProcesses=1 will break tools like screen(1). .. that means that the systemd user manager instance process is for managing background processes of a user like screen sessions or other batch jobs. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c12 --- Comment #12 from Jiří Suchomel 2013-11-25 12:28:06 UTC --- (In reply to comment #11)

I would not fear for a question (you mentioned that YaST checks it already; what does it when there are processes running?).

YaST just shows an error popup that the user is logged in. Well, maybe changing it to question might have sense (maybe not in CLI mode) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c14 --- Comment #14 from Jiri Srain 2013-11-26 08:21:10 UTC --- @#12: Yes, that makes sense to me. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c16 --- Comment #16 from Thorsten Kukuk 2013-11-26 09:45:48 UTC --- Neither pam_ecryptfs nor pam_systemd are maintained by the pam maintainers, so, sorry, we cannot help. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c24 --- Comment #24 from Jiří Suchomel 2013-12-06 15:54:27 UTC --- For the YaST part, we can add a question instead of error popup, something like: "The user seems to be currently logged in. Continue anyway?" (Later YaST will use that userdel-pre.local which was already adapted) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c26 Stephan Kulow changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED CC| |coolo@suse.com InfoProvider|coolo@suse.com | --- Comment #26 from Stephan Kulow 2013-12-13 10:11:06 CET --- the reject reason was discussed on packaging ml and is fixed meanwhile, so I reopened the request -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=849870 https://bugzilla.novell.com/show_bug.cgi?id=849870#c28 --- Comment #28 from Neil Rickert 2013-12-16 15:38:56 UTC --- Response to comment #9 and other comments relating to ecryptfs: I have filed a bug report at bugs.freedesktop.org (number 72759): "Systemd user manager interferes with ecryptfs - private directory not being unmounted" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=849870 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |obs:running:4038:moderate -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=849870 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |obs:running:4416:moderate -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=849870 http://bugzilla.novell.com/show_bug.cgi?id=849870#c30 --- Comment #30 from Swamp Workflow Management --- openSUSE-RU-2016:0320-1: An update that has 146 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 737690,742774,750845,818044,838475,841544,849870,852015,852021,852232,853293,854884,856389,856392,856858,857204,858864,859072,859365,860574,860937,861316,861489,863217,864745,864904,865834,866732,866933,867128,867663,867664,867840,868019,868230,868439,868931,869142,869603,872929,873432,873444,874665,875502,876587,876694,877021,877674,878525,880438,880732,881125,881559,881942,882393,882714,883565,884271,884403,885232,885288,886211,886599,886852,888178,888215,888612,889297,889357,890977,892096,892162,892300,893797,895087,896664,897799,897801,897803,898233,898240,898432,900558,901481,902240,902901,903009,903963,904214,904517,904828,905550,906709,906900,907318,907393,908476,909358,910643,911347,912030,912334,913517,916420,918118,919095,920195,921831,921898,921920,926169,927250,927457,928265,931388,932284,933365,933512,933521,933533,934077,934901,937512,937900,938908,939571,940264,941576,944132,944799,945282,947212,948458,948555,948705,949574,949683,949739,950510,951265,951663,953241,9543 36,954781,955635,961576 CVE References: Sources used: openSUSE 13.1 (src): systemd-210-40.1, systemd-mini-210-40.1 -- You are receiving this mail because: You are on the CC list for the bug.