[Bug 755603] New: The gnome keyring socket is not owned with the same credentials as the user login

older
[Bug 1029015] New: Clean install...

bugzilla_noreply＠novell.com

4 Apr 2012 4 Apr '12

08:33

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c0 Summary: The gnome keyring socket is not owned with the same credentials as the user login Classification: openSUSE Product: openSUSE 12.2 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: mvyskocil@suse.com QAContact: qa-bugs@suse.de CC: vuntz@suse.com, vcizek@suse.com Found By: Development Blocker: --- Created an attachment (id=484752) --> (http://bugzilla.novell.com/attachment.cgi?id=484752) copy the credential checking code from git.gnome.org Running command via sudo fills my log errors as appears in $SUBJECT $ sudo ls Password: xxxx and then log contains following Apr 4 10:20:01 zelva sudo: The gnome keyring socket is not owned with the same credentials as the user login: /run/user/mvyskocil/keyring-5MIqXs/control Apr 4 10:20:01 zelva sudo: gkr-pam: couldn't unlock the login keyring. Apr 4 10:20:01 zelva sudo: mvyskocil : TTY=pts/5 ; PWD=/home/mvyskocil ; USER=root ; COMMAND=/usr/bin/ls Apr 4 10:20:01 zelva systemd[1]: Got D-Bus request: org.freedesktop.DBus.NameOwnerChanged() on /org/freedesktop/DBus However that's not true $ echo $GNOME_KEYRING_CONTROL /run/user/mvyskocil/keyring-5MIqXs $ ls -n $GNOME_KEYRING_CONTROL/* srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/control srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/gpg srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/pkcs11 srwxr-xr-x 1 10112 100 0 4. dub 09.33 /run/user/mvyskocil/keyring-5MIqXs/ssh $ id uid=10112(mvyskocil) gid=100(users) groups=100(users),10(wheel),33(video),41(xok),113(vboxusers),404(lighttpd),1194(vpn) $ id -u 10112 $ id -ru 10112 so the 10112 is my *real* id and keyring sockets are really owned by this id. $ cat /proc/$GNOME_KEYRING_PID/loginuid 10112 and even the process runs with the same uid, so there is really **no** surprise in my configuration. I did a bit more and copy the part of gnome-keyring-daemon, however even getsockopt returns the id 10112, like getuid does. $ ./creds uid=10112, geteuid()=10112 I would say the best way to debug would be patch gnome-keyring-daemon and print the values of uid and getuid on error, but I haven't a time to do that yet. BTW: as google returns most of suse related things for $SUBJ, I suspect some misconfiguration in our pam stack. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

4 Apr 4 Apr

08:52

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c1 --- Comment #1 from Vincent Untz 2012-04-04 08:52:44 UTC --- The issue is that the GNOME_KEYRING_CONTROL environment variable is set, and when the pam modules are run because of opening a session, the pam_gnome_keyring module sees it and therefore tries to unlock the keyring. But since it's set for your user, but it's trying to unlock it for root (because you run sudo, so we open a session for root), it fails. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

08:57

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c2 --- Comment #2 from Vincent Untz 2012-04-04 08:57:38 UTC --- (Hrm, it might be during pam auth, not during pam session: the keyring can be unlocked at both times) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

09:06

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c3 Vincent Untz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gber@opensuse.org --- Comment #3 from Vincent Untz 2012-04-04 09:06:46 UTC --- Changing /etc/pam.d/common-auth to have: auth optional pam_gnome_keyring.so only_if=gdm,gdm-password,lxdm,lightdm instead of just: auth optional pam_gnome_keyring.so removes the warning. However, this breaks the use case where we want the keyring to be unlocked when unlocking the screensaver. So we need to at least add gnome-screensaver to the only_if. I don't know what services are used to authenticate when unlocking a screensaver on xfce and lxde. Guido, do you know? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

09:29

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c4 --- Comment #4 from Guido Berhörster 2012-04-04 09:29:01 UTC --- (In reply to comment #3)

...

unlocking the screensaver. So we need to at least add gnome-screensaver to the only_if. I don't know what services are used to authenticate when unlocking a screensaver on xfce and lxde. Guido, do you know?

Xfce/LXDE use xscreensaver by default whose pam service name is also "xscreensaver". -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:13

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c5 Vincent Untz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |mc@suse.com --- Comment #5 from Vincent Untz 2012-04-04 10:13:20 UTC --- Hrm, I'm unsure it's possible to make pam-config understand different options for auth and session :/ Michael, any hint on this? I'd like pam-config to output: session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm auth optional pam_gnome_keyring.so only_if=gdm,gdm-password,lxdm,lightdm,gnome-screensaver,xscreensaver Our current pam-config call is: pam-config -a --gnome_keyring --gnome_keyring-auto_start --gnome_keyring-only_if=gdm,gdm-password,lxdm,lightdm It's important to note that we don't want auto_start in auth. It's probably okay if the only_if option has the same values in session and auth, though. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

25 Apr 25 Apr

08:55

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c6 Michael Calmer changed: What |Removed |Added ---------------------------------------------------------------------------- InfoProvider|mc@suse.com |kukuk@suse.com --- Comment #6 from Michael Calmer 2012-04-25 08:55:15 UTC --- pam-config maintainer is Thorsten. Better ask him. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

26 Apr 26 Apr

16:35

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c7 Thorsten Kukuk changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|kukuk@suse.com | --- Comment #7 from Thorsten Kukuk 2012-04-26 16:35:54 UTC --- Should be possible, somebody needs too look at the code and provide a patch. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

29 Apr 29 Apr

22:47

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c8 Joe Fidler changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |joefidler@yahoo.com --- Comment #8 from Joe Fidler 2012-04-29 22:47:38 UTC --- I am seeing same error as described above in my logs - bit scary when you first notice it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

20 Jun 20 Jun

20:46

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c9 Dominique Leuenberger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |dimstar@opensuse.org InfoProvider| |kukuk@suse.com --- Comment #9 from Dominique Leuenberger 2012-06-20 20:46:52 UTC --- Thorsten, Do you have any hints / pointers you can give to implement this? I'm assuming you won't have resources anytime soon, then it would be good to at least guide some willing volunteer on opensuse-factory on what needs to be done. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

21 Jun 21 Jun

10:00

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c10 Thorsten Kukuk changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|kukuk@suse.com | --- Comment #10 from Thorsten Kukuk 2012-06-21 10:00:43 UTC --- (In reply to comment #9)

...

Thorsten,

Do you have any hints / pointers you can give to implement this? I'm assuming you won't have resources anytime soon, then it would be good to at least guide some willing volunteer on opensuse-factory on what needs to be done.

Look at the pam-config source code, it's in OBS, especially on mod_pam_gnome_keyring.c, and there at the different switch cases. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13 Jul 13 Jul

08:50

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c11 Markus Elfring changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Markus.Elfring@web.de --- Comment #11 from Markus Elfring 2012-07-13 08:50:28 UTC --- (In reply to comment #0) I stumble also on information like the following on my updated openSUSE 12.1 system. /dev/doda/var/log/messages: ... Jul 4 14:48:30 Sonne su: The gnome keyring socket is not owned with the same credentials as the user login: /tmp/keyring-LUJ635/control Jul 4 14:48:30 Sonne su: gkr-pam: couldn't unlock the login keyring. Jul 4 14:48:30 Sonne su: (to root) elfring on /dev/pts/1 ... How are the chances to resolve such difficulties with authorisation processes? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15 Jul 15 Jul

12:58

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c12 Andreas Schneider changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Version|Factory |Final CC| |schneider470@web.de Component|GNOME |Xfce Platform|Other |x86-64 Found By|Development |--- AssignedTo|bnc-team-gnome@forge.provo. |bnc-team-xfce@forge.provo.n |novell.com |ovell.com Product|openSUSE 12.2 |openSUSE 12.3 OS/Version|Other |openSUSE 12.3 --- Comment #12 from Andreas Schneider 2013-07-15 12:58:19 UTC --- I am seeing this problem after installing (new) suse 12.3/64 while 12.2/64 worked fine for me. Using a starter "xdg-su -c thunar" brings up a correct root-window for this application which however is frozen and unusable. It can be closed only after timeout and with a popup "application does not answer". /var/log/messages tells the same story as given here in the bug report. I take it this problem has not been solved so far or did I miss something? Please let me know if you need more information. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13:26

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

https://bugzilla.novell.com/show_bug.cgi?id=755603 https://bugzilla.novell.com/show_bug.cgi?id=755603#c13 Guido Berhörster changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P3 - Medium |P5 - None Component|Xfce |GNOME AssignedTo|bnc-team-xfce@forge.provo.n |bnc-team-gnome@forge.provo. |ovell.com |novell.com Severity|Major |Normal --- Comment #13 from Guido Berhörster 2013-07-15 13:26:30 UTC --- This is a harmless warning that appears every time you use su or sudo and has nothing to do with whatever else you're seeing. Also, don't reassign this, it is a minor issue in gnome-keyring. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

11 Mar 11 Mar

14:04

New subject: [Bug 755603] The gnome keyring socket is not owned with the same credentials as the user login

http://bugzilla.novell.com/show_bug.cgi?id=755603 Jia Ban Yovan Toh changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jiabanster@gmail.com -- You are receiving this mail because: You are on the CC list for the bug.

2603

Age (days ago)

4405

Last active (days ago)

List overview

Download

14 comments

1 participants

participants (1)

bugzilla_noreply＠novell.com

[Bug 755603] New: The gnome keyring socket is not owned with the same credentials as the user login

tags

participants (1)