After update, root works but not regular user

Running 13.1, KDE, 64-bit. My current difficulty seems different from the other recent posts here.

I got several updates a few hours ago and was told a restart was necessary. After the reboot, I didn’t get a graphical desktop but only a command prompt. I could login as root, then with startx get a desktop. However, if I login as my regular user (named “taxpayer”), “startx” gives an error message such as ‘file /home/taxpayer/.serverauth.2581 does not exist’.

And I discovered that from root’s desktop the “leave” button does not offer the “switch user” option that I’m accustomed to seeing as a regular user.

So what might I do to start my regular user’s graphical desktop?

A few other details: My home partition is encrypted, but I entered the password when booting and as root I can read my files there. Yast “user and group management” shows my users, no problem indicated. Because my last prior reboot was about three weeks ago I cannot know what change (there have been dozens) might have caused the problem. However, I do know that the most recent update included “kernel desktop 3.11.10.” I did try rebooting to an older desktop, but had the same problem.

Try logging in as root and then try this instead of “startx”:

rcxdm start

startx does not work as regular user by default.

> So what might I do to start my regular user’s graphical desktop?

Apparently it’s kdm that fails to start, /var/log/kdm.log should provide a clue.
Could you upload that to http://susepaste.org and post a link?

Susepaste tells me I am a spammer, and it isn’t immediately evident how to avoid that. However, I did post /var/log/kdm.log to http://taxinsanity.wordpress.com/2014/02/07/suse-difficulties/

Also, responding to the suggestion by evetsnameloc, I tried as root entering “rcxdm start” and got the response “redirecting to systemctl start xdm.service” followed by a command prompt and didn’t note any other difference.

Could you paste output of “systemctl status xdm.service”?


xdm.service - LSB: X Display Manager
   Loaded: loaded (/etc/init.d/xdm)
   Active: active (running) since Fri 2014-02-07 10:20:26 CST; 35min ago
  Process: 1042 ExecStart=/etc/init.d/xdm start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/xdm.service
           └─1118 /usr/bin/kdm

Feb 07 10:20:26 monk.monksite systemd[1]: Starting LSB: X Display Manager...
Feb 07 10:20:26 monk.monksite kdm_config[1119]: Multiple occurrences of section [General] in /usr/share/kde4/config/kdm/kdmrc. Consider merging them.
Feb 07 10:20:26 monk.monksite kdm_config[1119]: Multiple occurrences of section [Xdmcp] in /usr/share/kde4/config/kdm/kdmrc. Consider merging them.
Feb 07 10:20:26 monk.monksite kdm_config[1119]: Multiple occurrences of section [X-*-Core] in /usr/share/kde4/config/kdm/kdmrc. Consider merging them.
Feb 07 10:20:26 monk.monksite kdm_config[1119]: Multiple occurrences of section [X-*-Greeter] in /usr/share/kde4/config/kdm/kdmrc. Consider merging them.
Feb 07 10:20:26 monk.monksite xdm[1042]: Starting service kdm..done
Feb 07 10:20:26 monk.monksite systemd[1]: Started LSB: X Display Manager.
Feb 07 10:20:26 monk.monksite kdm[1118]: plymouth is running
Feb 07 10:20:26 monk.monksite kdm[1118]: plymouth is active on VT 7, reusing for :0
Feb 07 10:20:26 monk.monksite kdm[1118]: plymouth should quit after server startup
Feb 07 10:20:27 monk.monksite kdm[1118]: Quitting Plymouth with transition
Feb 07 10:20:27 monk.monksite kdm[1118]: Is Plymouth still running? no
Feb 07 10:20:27 monk.monksite kdm_greet[1290]: Cannot create $HOME
Feb 07 10:20:27 monk.monksite kdm[1289]: :0[1289]: Received unknown or unexpected command -2 from greeter
Feb 07 10:20:27 monk.monksite kdm[1118]: plymouth is NOT running

On 2014-02-07 16:36, rentpayer wrote:

> I could login as root, then with startx get a desktop.
> However, if I login as my regular user (named “taxpayer”), “startx”
> gives an error message such as ‘file /home/taxpayer/.serverauth.2581
> does not exist’

Expected. For that to work you have to change certain permissions (in
permissions.local). And it has security issues.

> And I discovered that from root’s desktop the “leave” button does not
> offer the “switch user” option that I’m accustomed to seeing as a
> regular user.

Expected. That’s a functionality that needs the graphical login manager,
and you did not use it.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

I do not use KDE myself but this does not sound right. What are the permissions of /tmp and /var/tmp? “ls -ld /tmp /var/tmp”?

On 2014-02-07 18:06, rentpayer wrote:
>
> arvidjaar;2622849 Wrote:
>> Could you paste output of “systemctl status xdm.service”?
>
> Code:
> --------------------

> Feb 07 10:20:27 monk.monksite kdm_greet[1290]: Cannot create $HOME
> --------------------

Is your /home directory ok? Full perhaps?


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Thanks for help, here is the requested information:

drwxr-xr-x 10 root root 4096 Feb  7 11:30 /tmp
drwxrwxrwt 14 root root 4096 Feb  7 10:28 /var/tmp

My home partition has >200 gb free

/dev/mapper/cr_ata-ST3500413AS_5VMPV5Y6-part6 353993756 138231180 214666884  40% /home

and are not these permissions correct?

taxpayer@monk:/home> ls -al
total 36
drwxr-xr-x  6 root        root   4096 Dec 15 09:41 .
drwxr-xr-x 29 root        root   4096 Feb  7 10:20 ..
drwxr-xr-x 24 independent users  4096 Feb  7 09:40 independent
drwx------  2 root        root  16384 Dec 14 21:16 lost+found
drwxr-xr-x 54 taxpayer    users  4096 Feb  7 09:29 taxpayer

/var and /tmp also have plenty of space

monk:/tmp # df .
Filesystem         1K-blocks  Used Available Use% Mounted on
/dev/mapper/cr_var  13215632 32832  12495084   1% /tmp
monk:/tmp # cd ../var
monk:/var # df .
Filesystem           1K-blocks    Used Available Use% Mounted on
/dev/mapper/cr_var_2  21901748 1277528  19555764   7% /var
monk:/var # 

Those permissions are completely wrong, only root has write permissions for /tmp.
They should be the same as for /var/tmp/.

So run this as root to fix it:

chmod a+w,o+t /tmp

I did as you recommended

monk:~ # ls -ld /tmp /var/tmp
drwxr-xr-x  8 root root 4096 Feb  7 13:18 /tmp
drwxrwxrwt 14 root root 4096 Feb  7 13:19 /var/tmp
monk:~ # chmod a+w,o+t /tmp
monk:~ # ls -ld /tmp /var/tmp
drwxrwxrwt  8 root root 4096 Feb  7 13:18 /tmp
drwxrwxrwt 14 root root 4096 Feb  7 13:19 /var/tmp
monk:~ # 

Then rebooted, and the permissions of /tmp have regressed to what they were before

monk:/tmp # ls -ld /tmp /var/tmp
drwxr-xr-x  8 root root 4096 Feb  7 13:30 /tmp
drwxrwxrwt 14 root root 4096 Feb  7 13:32 /var/tmp

I do not know how to change the way permissions get set at boot, nor how to start a graphic desktop user session after boot. Either one might solve my problem. (I also wonder how permissions got changed; if it was done by an update I’d think thousands of users would be affected.)

On 2014-02-07 20:46, rentpayer wrote:

> Then rebooted, and the permissions of /tmp have regressed to what they
> were before

Well, set them again and do not reboot. At least till you find why they
are reset.

Just do “init 3”, “init 5” to restart the graphical session.

Ideas. Is your /tmp a tmpfs?

Did you perchance change your permissions to secure?


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

No it’s no tmpfs:
I just noticed something:

Please post /etc/fstab.

> Did you perchance change your permissions to secure?

That wouldn’t cause this. There are no settings for /tmp in /etc/permissions.*.
And if there were that would be a bug IMHO.
What are secure settings for, when they prevent a user from logging in and doing work, i.e. when you have to be root to even use your computer?
That would be the exact opposite of secure I think… :wink:

On 2014-02-07 21:46, wolfi323 wrote:
>
> robin_listas;2622908 Wrote:
>>
>> Ideas. Is your /tmp a tmpfs?
> I would think that too.
> Please post /etc/fstab.

Better the output of “mount”. There are things that are mounted directly
by systemd.

>> Did you perchance change your permissions to secure?
> That wouldn’t cause this. There are no settings for /tmp in
> /etc/permissions.*.

Just a thought. :slight_smile:

> And if there were that would be a bug IMHO.
> What are secure settings for, when they prevent a user from logging in and
> doing work, i.e. when you have to be root to even use your computer?
> That would be the exact opposite of secure I think… :wink:

Just try to use the computer on that mode and find out :slight_smile:
Even worse, try the “paranoid” mode. :stuck_out_tongue:


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

But not /tmp.

And his df output earlier already showed that /tmp is mounted from /dev/mapper/cr_var. I doubt that systemd would do that… :wink:

But of course the output of “mount” would help as well. I expect some incorrect fmask/dmask or umask options.

> And if there were that would be a bug IMHO.
> What are secure settings for, when they prevent a user from logging in and
> doing work, i.e. when you have to be root to even use your computer?
> That would be the exact opposite of secure I think… :wink:

> Just try to use the computer on that mode and find out :slight_smile:
> Even worse, try the “paranoid” mode. :stuck_out_tongue:

Yes, I know that those are not really suited for desktop usage.
But preventing write access to /tmp for users is just turning off multi-user mode in effect and forcing you to work as root.
You could just as well remove all users (except root) then I guess to have the same effect…

On 2014-02-07 23:16, wolfi323 wrote:

>> Better the output of “mount”. There are things that are mounted directly
>> by systemd.
> But not /tmp.

Not on openSUSE, right. But it is upstream, I understand.

> And his df output earlier already showed that /tmp is mounted from
> /dev/mapper/cr_var.

Ah, ok, right. I do not remember that. …]


--------------------
monk:/tmp # df .
Filesystem         1K-blocks  Used Available Use% Mounted on
/dev/mapper/cr_var  13215632 32832  12495084   1% /tmp
monk:/tmp # cd ../var
monk:/var # df .
Filesystem           1K-blocks    Used Available Use% Mounted on
/dev/mapper/cr_var_2  21901748 1277528  19555764   7% /var
monk:/var #
--------------------

Then that is not a standard system, both var and tmp are separate.

I think I want both fstab and the output of mount :slight_smile:

>> Just try to use the computer on that mode and find out :slight_smile:
>> Even worse, try the “paranoid” mode. :stuck_out_tongue:
>
> Yes, I know that those are not really suited for desktop usage.
> But preventing write access to /tmp for users is just turning off
> multi-user mode in effect and forcing you to work as root.
> You could just as well remove all users (except root) then I guess to
> have the same effect…

Ha! Read:


> # /etc/permissions.paranoid is NOT designed to be used in a single-user as
> # well as a multi-user installation, be it networked or not.
> # Derived from /etc/permissions.secure, it has _all_ sgid and suid bits
> # cleared - therefore, the system might be useable for non-privileged users
> # except for simple tasks like changing passwords and such. In addition,
> # some of the configuration files are not readable for world any more.


It is like shooting your own foot…


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Thank you both for the attention you are devoting to my problem. I had to go out, now back briefly and will need to go out again for a few hours…

I set my system up with separate /var and /tmp partitions, both encrypted (as are /home and /swap) basically because I can and I figure it is somewhat more secure. I set it up this way when I upgraded to 13.1, about two months ago, and have had no problems logging on until now. During that time I have probably done three or four reboots (prior to today). In addition to these, I have several other partitions I don’t use much but are handy for when I upgrade OS and to store some stuff. I have two internal disks plus an external drive (sdc) used only for backup.

One of the things I like about OpenSUSE is that the installer is relatively good at dealing with multiple partitions and drives, and encryption.

Here is the output of “mount”

monk:~ # mount
devtmpfs on /dev type devtmpfs (rw,relatime,size=4036656k,nr_inodes=1009164,mode=755)
tmpfs on /dev/shm type tmpfs (rw,relatime)
tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
/dev/sda1 on / type ext4 (rw,relatime,data=ordered)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=44,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
/dev/sdb5 on /one-logical type ext4 (rw,relatime,data=ordered)
/dev/sdb6 on /hgs_backup type ext4 (rw,relatime,data=ordered)
/dev/sdb4 on /two_logical type ext4 (rw,relatime,data=ordered)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
/dev/sdc2 on /ext4_backup type ext4 (rw,relatime,data=ordered)
/dev/sdc1 on /ntfs_backup type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096)
/dev/mapper/cr_tmp on /sdb7 type ext4 (rw,relatime,data=ordered)
/dev/mapper/cr_ata-ST3500413AS_5VMPV5Y6-part6 on /home type ext4 (rw,relatime,data=ordered)
/dev/mapper/cr_var_2 on /var type ext4 (rw,relatime,data=ordered)
tmpfs on /var/run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
tmpfs on /var/lock type tmpfs (rw,nosuid,nodev,relatime,mode=755)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
/dev/mapper/cr_var on /tmp type ext4 (rw,relatime)
gvfsd-fuse on /run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
gvfsd-fuse on /var/run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
monk:~ #

Here is fstab


monk:~ # cat /etc/fstab
/dev/disk/by-id/ata-ST3500413AS_5VMPV5Y6-part1 /                    ext4       acl,user_xattr        1 1
/dev/mapper/cr_var_2 /var                 ext4       acl,user_xattr,nofail 0 2
/dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part4 /two_logical         ext4       defaults              1 2
/dev/mapper/cr_swap  swap                 swap       defaults              0 0
/dev/disk/by-id/ata-Hitachi_HDS721010CLA332_JP2940HD20BMEC-part2 /ext4_backup         ext4       nofail                1 2
/dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part6 /hgs_backup          ext4       defaults              1 2
/dev/mapper/cr_ata-ST3500413AS_5VMPV5Y6-part6 /home                ext4       acl,user_xattr,nofail 0 2
/dev/disk/by-id/ata-Hitachi_HDS721010CLA332_JP2940HD20BMEC-part1 /ntfs_backup         ntfs-3g    users,gid=users,fmask=133,dmask=022,locale=en_US.UTF-8,nofail 0 0
/dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part5 /one-logical         ext4       defaults              1 2
/dev/mapper/cr_tmp   /sdb7                ext4       nofail                0 2
/dev/mapper/cr_var   /tmp                 ext4       nofail                0 2
monk:~ # 

I did try “init 3” which resulted in messages about “starting Bluetooth Services” and “Started Bluetooth Services.” I thought I had disabled Bluetooth at installation, as I have no Bluetooth-capable devices. That also took over my whole screen, didn’t give any prompt and I had to reboot. [and I did not fix the /tmp permissions again before creating the listings above]

Any ideas? I am fortunate that my data is intact, and if I have to I can reinstall, but of course I really don’t want to do that, and there is always the chance that I’d have the same problem.

???
“the system might be usable for non-privileged users”
But preventing write access to /tmp makes it completely unusable.

Of course there’s no possibility to gain super-user rights, but non-privileged programs should run for non-privileged users.

Although I have to say that I don’t completely understand that comment anyway.
“is NOT designed to be used in a single-user as well as a multi-user installation, be it networked or not.”
For what is it designed then? What’s left when you throw out single-user and multi-user installations? :sarcastic:
Ah well, the next paragraph states it’s just a starting point for your own system permission configuration in /etc/permissions.local…

@rentpayer:
Your fstab looks ok, although it’s a bit confusing that you mount cr_tmp to /sdb7, and cr_var to /tmp… :wink:

Hm.
Something must change the permissions of /tmp/ at boot then I guess. (chkstat is not run automatically on boot, so I would rule out /etc/permissions.*)
Maybe something in /etc/tmpdirs.d/ or /etc/tmpfiles.d/ ?
Could you post /usr/lib/tmpfiles.d/tmp.conf, please?
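
A read-only check for the situation discussed in this thread, added here as an example and not part of any poster's message: it tests whether a temp directory has the 1777 mode that /var/tmp shows above, and lists tmpfiles.d rules that name the directory, one of the candidates raised for what resets the mode at boot. The function names and the `--audit` argument are assumptions of this example; the tmpfiles.d fields are Type, Path, Mode, UID, GID, Age, Argument.

```shell
#!/bin/sh
# Added example: audit shared temp directories and the tmpfiles.d rules for them.
# Nothing here changes permissions; it only reports.

# Print the octal mode of a directory (GNU/busybox stat).
dir_mode() {
    stat -c '%a' "$1"
}

# Return 0 when the directory is world-writable with the sticky bit (1777),
# 1 when it has any other mode, 2 when it cannot be examined.
check_tmp_dir() {
    _dir=$1
    _mode=$(dir_mode "$_dir") || return 2
    if [ "$_mode" = "1777" ]; then
        echo "OK   $_dir mode $_mode"
        return 0
    fi
    echo "BAD  $_dir mode $_mode (expected 1777)"
    return 1
}

# Print every tmpfiles.d rule whose Path field is exactly the given path.
# Usage: tmpfiles_rules_for PATH FILE...
tmpfiles_rules_for() {
    _path=$1
    shift
    for _f in "$@"; do
        [ -r "$_f" ] || continue        # also skips unmatched globs
        awk -v p="$_path" -v f="$_f" '
            NF < 3 || $1 ~ /^#/ { next }   # comments, blanks, mode-less rules
            $2 == p { printf "%s: type=%s mode=%s owner=%s:%s\n", f, $1, $3, $4, $5 }
        ' "$_f"
    done
}

# Check both directories from the thread and show what backs each of them.
audit() {
    _rc=0
    for _d in /tmp /var/tmp; do
        check_tmp_dir "$_d" || _rc=1
        tmpfiles_rules_for "$_d" /etc/tmpfiles.d/*.conf /usr/lib/tmpfiles.d/*.conf
        if command -v findmnt >/dev/null 2>&1; then
            findmnt -n -o SOURCE,FSTYPE,OPTIONS --target "$_d"
        fi
    done
    return $_rc
}

# Run against the live system only when asked to (hypothetical flag).
if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

Run as `sh script.sh --audit` once after boot and once after the `chmod`, and compare the two reports.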

On 2014-02-08 01:06, rentpayer wrote:

> I set my system up with separate /var and /tmp partitions, both
> encrypted (as are /home and /swap) basically because I can and I figure
> it is somewhat more secure.

Ah! Your “/” is not encrypted, you are not using LVM. I understand now.

> Here is the output of “mount”
>
> Code:
> --------------------
> monk:~ # mount

> /dev/sda1 on / type ext4 (rw,relatime,data=ordered)

> /dev/mapper/cr_tmp on /sdb7 type ext4 (rw,relatime,data=ordered)
> /dev/mapper/cr_ata-ST3500413AS_5VMPV5Y6-part6 on /home type ext4 (rw,relatime,data=ordered)
> /dev/mapper/cr_var_2 on /var type ext4 (rw,relatime,data=ordered)

> /dev/mapper/cr_var on /tmp type ext4 (rw,relatime)

> monk:~ #
> --------------------

On /sdb7? Huh?

Ah… I see. It is not /dev/sdb7, but a directory named “/sdb7”. You
got me very confused for some minutes.

Besides that, all seems normal…

> Here is fstab
> Code:
> --------------------
>
> monk:~ # cat /etc/fstab
> /dev/disk/by-id/ata-ST3500413AS_5VMPV5Y6-part1 / ext4 acl,user_xattr 1 1
> /dev/mapper/cr_var_2 /var ext4 acl,user_xattr,nofail 0 2
> /dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part4 /two_logical ext4 defaults 1 2
> /dev/mapper/cr_swap swap swap defaults 0 0
> /dev/disk/by-id/ata-Hitachi_HDS721010CLA332_JP2940HD20BMEC-part2 /ext4_backup ext4 nofail 1 2
> /dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part6 /hgs_backup ext4 defaults 1 2
> /dev/mapper/cr_ata-ST3500413AS_5VMPV5Y6-part6 /home ext4 acl,user_xattr,nofail 0 2
> /dev/disk/by-id/ata-Hitachi_HDS721010CLA332_JP2940HD20BMEC-part1 /ntfs_backup ntfs-3g users,gid=users,fmask=133,dmask=022,locale=en_US.UTF-8,nofail 0 0
> /dev/disk/by-id/ata-MAXTOR_STM3320620AS_6QF1BMRR-part5 /one-logical ext4 defaults 1 2
> /dev/mapper/cr_tmp /sdb7 ext4 nofail 0 2
> /dev/mapper/cr_var /tmp ext4 nofail 0 2
> monk:~ #
>
> --------------------

Well, your name choosing is… well, it confuses me, but it is fine.

I hide partitions under “/data”, so that the root filesystem is
uncluttered.

> I did try “init 3” which resulted in messages about “starting
> Bluetooth Services” and “Started Bluetooth Services.” I thought I had
> disabled Bluetooth at installation, as I have no Bluetooth-capable
> devices. That also took over my whole screen, didn’t give any prompt
> and I had to reboot.

You should have seen a text mode login prompt. Maybe you need to press
“enter”.

> [and I did not fix the /tmp permissions again
> before creating the listings above]
>
> Any ideas? I am fortunate that my data is intact, and if I have to I can
> reinstall, but of course I really don’t want to do that, and there is
> always the chance that I’d have the same problem.

Yes, there is that chance, unless we find the reason first.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))