PDA

View Full Version : [xubuntu] Lost admin privileges after kwin crash, in Xubuntu 14.04



post-y
September 22nd, 2014, 02:50 PM
Suddenly I lost all admin rights; things like shutdown, configure VPN (connections), mount drives, opening programs like Software Center, running program updater etc. no longer works. I can still do things by command line, sudo still works there. And I'm still a member of sudo group. I think it happened due to kwin crashing on system startup. First odd thing I noticed was that I was connected to a "wired connection"; this is how the system described my internet connection, which is actually a wireless mobile 3G modem. I'm running a highly customized Xubuntu 14.04 with kwin as window manager.

I should also say that the night before I had installed (L)AMP according to this (http://joao.machado-family.com/2013/06/04/ubuntu-13-04-apache2-setup-public_html/) instruction, but it didn't quite work for me, so a did a bunch of other stuff as well. My home folder is encrypted, to i also installed Gnome EncFS Manager and arranged things so I could mount an encrypted folder above my home-folder and then use this as a virtual host on my local machine. I was doing a lot of different permission-commands, but I'm fairly sure everything worked fine when I switched of the computer; I rebooted several times to see how gnome encfs manager auto-mount on boot works.

So I'm fairly sure the problem occurred after the kwin crash.

If I start e.g. Software Center using sudo it works fine, and no need to enter password if I try to install a program. One interesting thing I observed: If I open nemo from terminal (just "nemo" NOT "sudo nemo"), and then from nemo I try to open a folder as root, there is no authentication window opening, but I do get an authentication question in the terminal, and if I enter my sudo password here, it opens a sudo nemo--window. This makes me expect it might be the gui for the authentication-program that has somehow been removed.

I've tried a few different ideas I've found in different forums, but nothing works.

My /etc/polkit-1/localauthority.conf.d folder contains two files, 50-localauthority.conf and 51-ubuntu-admin.conf. This is their contents:
50-localauthority.conf:


[Configuration]
AdminIdentities=unix-group:sudo;unix-group:admin


51-ubuntu-admin.conf:


# Configuration file for the PolicyKit Local Authority.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
#
# See the pklocalauthority(8) man page for more information
# about configuring the Local Authority.
#

[Configuration]
AdminIdentities=unix-user:0


If I run the command "id" this is what I get:

gid=1000(niklas) grupper=1000(niklas),0(root),4(adm),24(cdrom),27(s udo),30(dip),33(www-data),46(plugdev),108(lpadmin),124(sambashare)

If i run "groups" this is what I get:

niklas root adm cdrom sudo dip www-data plugdev lpadmin sambashare

If I run nemo from terminal (without sudo) I get a bunch of dconf-CRITICAL, e.g.:

dconf-CRITICAL **: unable to create file '/home/niklas/.cache/dconf/user': Access denied. dconf will not work properly.

but nemo does launch.

Finally, here is my /var/log/auth.log from starting up the computer today:


Sep 22 12:33:08 niklas-Q210-P210 dbus[779]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.12" (uid=0 pid=1262 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.4" (uid=0 pid=885 comm="NetworkManager ")
Sep 22 12:33:15 niklas-Q210-P210 lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Sep 22 12:33:15 niklas-Q210-P210 lightdm: PAM adding faulty module: pam_kwallet.so
Sep 22 12:33:15 niklas-Q210-P210 lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Sep 22 12:33:15 niklas-Q210-P210 lightdm: pam_systemd(lightdm-greeter:session): Failed to create session: Cannot launch daemon, file not found or permissions invalid
Sep 22 12:33:15 niklas-Q210-P210 lightdm: pam_ck_connector(lightdm-greeter:session): nox11 mode, ignoring PAM_TTY :0
Sep 22 12:33:18 niklas-Q210-P210 lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Sep 22 12:33:18 niklas-Q210-P210 lightdm: PAM adding faulty module: pam_kwallet.so
Sep 22 12:33:18 niklas-Q210-P210 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "niklas"
Sep 22 12:33:36 niklas-Q210-P210 lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Sep 22 12:33:36 niklas-Q210-P210 lightdm: pam_unix(lightdm:session): session opened for user niklas by (uid=0)
Sep 22 12:33:36 niklas-Q210-P210 lightdm: pam_systemd(lightdm:session): Failed to create session: Cannot launch daemon, file not found or permissions invalid
Sep 22 12:33:36 niklas-Q210-P210 lightdm: pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :0
Sep 22 12:33:40 niklas-Q210-P210 gnome-keyring-daemon[2241]: dconf: unable to create file '/home/niklas/.cache/dconf/user': Åtkomst nekas. dconf will not work properly.
Sep 22 12:33:40 niklas-Q210-P210 gnome-keyring-daemon[2241]: dconf: unable to create file '/home/niklas/.cache/dconf/user': Åtkomst nekas. dconf will not work properly.
Sep 22 12:33:40 niklas-Q210-P210 gnome-keyring-daemon[2241]: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files
Sep 22 12:33:40 niklas-Q210-P210 gnome-keyring-daemon[2241]: message repeated 2 times: [ couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files]
Sep 22 12:35:15 niklas-Q210-P210 gnome-keyring-daemon[2241]: keyring alias directory: /home/niklas/.local/share/keyrings
Sep 22 12:39:01 niklas-Q210-P210 CRON[2939]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 22 12:39:02 niklas-Q210-P210 CRON[2939]: pam_unix(cron:session): session closed for user root


A bit of it is in swedish, so you might wanna know that "Åtkomst nekas" = "Access denied". As you can see, there's a lot of a those and invalid permission etc.

Any ideas on how to resolve this? My next move will be to try to repair with the original Xubuntu install-disc. If that fails I will have to use an a fairly recent backup-disk I made with remastersys. But I'd rather just fix this with a simple command.. ;)

post-y
September 22nd, 2014, 04:26 PM
Just a couple of clarifications:
* running program updater works (starting it), but it only comes as far as "waiting for authentication", and then tells me I don't have permission to use it.
* This whole problem is system-wide. I cannon e.g. use the shutdown-menu from any user, nor from the startup login, the menu found in the top-right corner of this.

post-y
September 23rd, 2014, 12:47 AM
Just remembered something as I just discovered that in audio control for pulseaudio, pavucontrol, under "configuration", it says there are no audio devices available! I then remembered that when kwin crashed, I got the question if I want to forget some drivers/hardware permanently. I chose No to this question, but this might add some clues as to what my admin rights suddenly disappeared.

Anyone?

post-y
September 24th, 2014, 12:12 PM
Bump.

matt_symes
September 24th, 2014, 12:50 PM
Hi

It would be interesting to know what you have done when you customised Xubuntu. Maybe you could elucidate a bit more.

Anyway, to start with the obvious, to you have the required polkit services running ?


matthew-laptop:/home/matthew:2 % ps aux | grep pol
root 1387 0.0 0.1 306292 3904 ? Sl Sep21 0:53 /usr/lib/policykit-1/polkitd --no-debug
matthew 2627 0.0 0.1 541560 4084 ? Sl Sep21 0:02 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1

Kind regards

post-y
September 24th, 2014, 02:31 PM
Hi Matthem,

Thank you for your response! This is what I get:



niklas@niklas-Q210-P210:~$ ps aux | grep pol
root 901 0.0 0.1 295912 5828 ? Sl 11:59 0:00 /usr/lib/policykit-1/polkitd --no-debug
niklas 5138 0.0 0.0 21388 912 pts/0 S+ 15:24 0:00 grep --color=auto pol


I have no idea if this looks right.. Think this is the problem? It does look a bit different than yours.

I've been using my current cuztomization of Xubuntu for quite some time (months), so I doubt that is it. I've simply put a lot of things in that isn't default, such as kwin as window manager, nemo with a bunch of plugins (some of which were originally build for nautilus but slightly modifiet to fit nemo), a slightly modified theme, and some other stuff.

matt_symes
September 24th, 2014, 02:46 PM
Hi

You don't seem to have polkit-gnome-authentication-agent-1 running.

I think, only think as i'm not 100% sure, that this may be your problem.

The question is how to fix the issue as i have no idea what changes you have made.

BTW: Does this return anything?


grep dbus /var/log/syslog

Do you have this file ?


cat ~/.cache/upstart/dbus.log

If you do then you may want to post the output of both commands into your next post as that may give use more information.

Kind regards

post-y
September 24th, 2014, 03:02 PM
This is what I get:



niklas@niklas-Q210-P210:~$ grep dbus /var/log/syslog
niklas@niklas-Q210-P210:~$ cat ~/.cache/upstart/dbus.log
Activating service name='org.openobex'
Successfully activated service 'org.openobex'
Activating service name='com.ubuntu.OneConf'
Successfully activated service 'com.ubuntu.OneConf'


(process:3278): dconf-CRITICAL **: unable to create file '/home/niklas/.cache/dconf/user': Permission denied. dconf will not work properly.


(process:3278): dconf-CRITICAL **: unable to create file '/home/niklas/.cache/dconf/user': Permission denied. dconf will not work properly.


(process:3278): dconf-CRITICAL **: unable to create file '/home/niklas/.cache/dconf/user': Permission denied. dconf will not work properly.
WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/niklas/.cache/oneconf/2c4ec77eb99577a7077f7e2c53a74126/other_hosts'
Activating service name='com.ubuntu.sso'
Successfully activated service 'com.ubuntu.sso'
Activating service name='com.ubuntu.sso'
Successfully activated service 'com.ubuntu.sso'
Activating service name='org.freedesktop.Notifications'
Successfully activated service 'org.freedesktop.Notifications'
/usr/share/themes/Numixbird/gtk-2.0/apps/xfce-panel.rc:128: error: invalid string constant "combo", expected valid string constant
/usr/share/themes/Numixbird/gtk-2.0/apps/claws-mail.rc:1: error: invalid string constant "notebook", expected valid string constant
/usr/share/themes/Numixbird/gtk-2.0/apps/thunar.rc:74: error: invalid string constant "entry", expected valid string constant
Activating service name='org.gtk.vfs.Metadata'
Successfully activated service 'org.gtk.vfs.Metadata'
niklas@niklas-Q210-P210:~$


Also, just a reminder that problem is system-wide, that is, things don't work properly for ANY user. While the guest account isn't supposed to have admin rights, it is supposed to be able to shut down the computer, but that is disabled for that user as well.

matt_symes
September 24th, 2014, 03:22 PM
Hi

There are a couple of things that makje this think this is a policykit problem

1. The fact that you can sudo from the command line
2. The fact that this issue affects all users.

This may be confirmed if you cannot run pkexec from the command line.

I assume you have gparted installed ? What happens if you run this command


pkexec gparted

Can you run these 2 commands and post the output of the last command.



sudo updatedb
locate authentication-agent-1

Kind regards

post-y
September 24th, 2014, 03:42 PM
I could start gparted, but it required an authenciation that was performed in terminal. This is the output, the last line examplifies about 20-30 simular errors of the same type:



niklas@niklas-Q210-P210:~$ pkexec gparted
==== AUTHENTICATING FOR com.ubuntu.pkexec.gparted ===
Authentication is required to run the GParted Partition Editor
Authenticating as: Niklas,,, (niklas)
Password:
==== AUTHENTICATION COMPLETE ===
/usr/share/themes/Numixbird/gtk-2.0/apps/xfce-panel.rc:128: error: invalid string constant "combo", expected valid string constant
/usr/share/themes/Numixbird/gtk-2.0/apps/claws-mail.rc:1: error: invalid string constant "notebook", expected valid string constant
/usr/share/themes/Numixbird/gtk-2.0/apps/thunar.rc:74: error: invalid string constant "entry", expected valid string constant
======================
libparted : 2.3
======================


(gpartedbin:3012): GLib-CRITICAL **: Source ID 7 was not found when attempting to remove it


Last command gives me this:



niklas@niklas-Q210-P210:~$ locate authentication-agent-1
/etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop
/home/remastersys/remastersys/dummysys/etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop
/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
niklas@niklas-Q210-P210:~$

matt_symes
September 24th, 2014, 03:52 PM
Hi


I could start gparted, but it required an authenciation that was performed in terminal.

You have no authentication window popup ?

Open a terminal and copy and paste this into it.


/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &

Ignore any text it may display and then type..


pkexec gparted

Do you get a popup authentication window ?

Enter your password. Does it start gparted ?

Kind regards

post-y
September 24th, 2014, 04:11 PM
Nope, no popup window. Maybe it's just the GUI that's missing for some reason? Or some sort of connector/bridge?

Entering suggested commands gives me this:



niklas@niklas-Q210-P210:~$ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &
[1] 3400
niklas@niklas-Q210-P210:~$
(polkit-gnome-authentication-agent-1:3400): polkit-gnome-1-WARNING **: Unable to determine the session we are in: No session for pid 3400
pkexec gparted
==== AUTHENTICATING FOR com.ubuntu.pkexec.gparted ===
Authentication is required to run the GParted Partition Editor
Authenticating as: Niklas,,, (niklas)
Password:
==== AUTHENTICATION COMPLETE ===
/usr/share/themes/Numixbird/gtk-2.0/apps/xfce-panel.rc:128: error: invalid string constant "combo", expected valid string constant
/usr/share/themes/Numixbird/gtk-2.0/apps/claws-mail.rc:1: error: invalid string constant "notebook", expected valid string constant
/usr/share/themes/Numixbird/gtk-2.0/apps/thunar.rc:74: error: invalid string constant "entry", expected valid string constant
======================
libparted : 2.3
======================


(gpartedbin:3442): GLib-CRITICAL **: Source ID 7 was not found when attempting to remove it


(follwed by multiples of errers simular to last line last line)

No pop-up.. but it starts just fine, though it takes a time to load/read the hdd:s.

matt_symes
September 24th, 2014, 04:22 PM
Hi

I may have to have a think about this one and do some research.

I am just about to sign off for the day so we can continue this tomorrow if you like.

Hopefully someone else can help in the meantime.

Kind regards

post-y
September 24th, 2014, 04:26 PM
Ok, no worries! I'm most grateful for all the help you can provide. I was acctually just about to reinstall the whole system from back-up, but now atleast I got my hopes up, so I'll put that on hold for a while still :)
See you tomorrow!

post-y
September 26th, 2014, 10:27 AM
Bump.

M4he
October 29th, 2014, 02:15 PM
Hello. I also had a very similar problem with Xubuntu after my system crashed while in standby (battery ran out). Also had those permission errors, couldn't use pkexec, couldn't shutdown/logout, couldn't run loginctl etc. Long story short: Skype was installed with a bunch of 32bit libs, including some 32bit PAM libs. As per https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1295521/comments/15 it seems to be related to the 32bit PAM libs. So I removed Skype and all related 32bit packages and rebooted. Permissions worked again! Then I reinstalled Skype and the libraries & rebooted. System skill working. Here are all the packages I uninstalled:
gcc-4.8-base:i386 gcc-4.9-base:i386 libaudio2:i386 libc6:i386 libcgmanager0:i386 libdbus-1-3:i386 libdrm2:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libgcrypt11:i386 libgl1-mesa-glx:i386 libglapi-mesa:i386 libglib2.0-0:i386 libgpg-error0:i386 libgstreamer-plugins-base1.0-0:i386 libgstreamer1.0-0:i386 libice6:i386 libjbig0:i386 libjpeg-turbo8:i386 libjpeg8:i386 liblzma5:i386 libnih-dbus1:i386 libnih1:i386 liborc-0.4-0:i386 libpcre3:i386 libpng12-0:i386 libqt4-dbus:i386 libqt4-declarative:i386 libqt4-network:i386 libqt4-opengl:i386 libqt4-script:i386 libqt4-sql:i386 libqt4-xml:i386 libqt4-xmlpatterns:i386 libqtcore4:i386 libqtdbus4:i386 libqtgui4:i386 libqtwebkit4:i386 libselinux1:i386 libsm6:i386 libsqlite3-0:i386 libssl1.0.0:i386 libstdc++6:i386 libtiff5:i386 libudev1:i386 libuuid1:i386 libx11-6:i386 libx11-xcb1:i386 libxau6:i386 libxcb-dri2-0:i386 libxcb-dri3-0:i386 libxcb-glx0:i386 libxcb-present0:i386 libxcb-sync1:i386 libxcb1:i386 libxdamage1:i386 libxdmcp6:i386 libxext6:i386 libxfixes3:i386 libxi6:i386 libxml2:i386 libxrender1:i386 libxshmfence1:i386 libxslt1.1:i386 libxss1:i386 libxt6:i386 libxv1:i386 libxxf86vm1:i386 skype skype-bin:i386 zlib1g:i386 gtk2-engines-murrine:i386 gtk2-engines-pixbuf:i386 libatk1.0-0:i386 libavahi-client3:i386 libavahi-common-data:i386 libavahi-common3:i386 libcairo2:i386 libcomerr2:i386 libcups2:i386 libdatrie1:i386 libgdk-pixbuf2.0-0:i386 libgnutls26:i386 libgraphite2-3:i386 libgssapi-krb5-2:i386 libgtk2.0-0:i386 libharfbuzz0b:i386 libjasper1:i386 libk5crypto3:i386 libkeyutils1:i386 libkrb5-3:i386 libkrb5support0:i386 libp11-kit0:i386 libpango-1.0-0:i386 libpango1.0-0:i386 libpangocairo-1.0-0:i386 libpangoft2-1.0-0:i386 libpangox-1.0-0:i386 libpangoxft-1.0-0:i386 libpixman-1-0:i386 libtasn1-6:i386 libthai0:i386 libxcb-render0:i386 libxcb-shm0:i386 libxcomposite1:i386 libxcursor1:i386 libxft2:i386 libxinerama1:i386 libxrandr2:i386 libasound2:i386 libasound2-plugins:i386 libasyncns0:i386 libaudit1:i386 libcap2:i386 libfftw3-single3:i386 libflac8:i386 libgomp1:i386 libjack-jackd2-0:i386 libjson-c2:i386 libltdl7:i386 libogg0:i386 libpam-systemd:i386 libpam0g:i386 libpulse0:i386 libsamplerate0:i386 libsndfile1:i386 libspeexdsp1:i386 libsystemd-login0:i386 libtdb1:i386 libvorbis0a:i386 libvorbisenc2:i386 libwrap0:i386 pulseaudio:i386 libdbusmenu-qt2:i386 sni-qt:i386 I assume only those 2 are really relevant though:
libpam-systemd:i386 libpam0g:i386 It's very unusual for Linux that a simple uninstall/reinstall procedure actually fixes something but hey, my system is working fine again. Maybe this might help you or some other users which find this topic looking for a solution.