elogind stops incrementing session ID after some uptime
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
elogind stops incrementing session ID after some uptime
elogind 246.10 stops incrementing session ID after some uptime (check /var/log/messages*) and even creating new sessions for concurrent SSH logins. Daemon restart doesn't help.
I'm using Slackware 15.0 (32 bits), kernels 5.15.38-smp (uptime 200+ days) and 5.15.63-smp (uptime 128+ days).
Haven't seen this problem ever, although I am using the 64-bit version of slackware 15.0.
Elogind's operation is pretty basic. The daemon runs at startup via /etc/rc.d/rc.elogind, it uses the system dbus to communicate and so depends on /etc/rc.d/rc.messagebus. As long as both are executable then elogind daemon should be running from boot.
The actual session registering and un-registering happens in the pam stack, with the pam_elogind.so module. As long as you have the stock configs in /etc/pam.d/ then the pam_elogind.so module should be getting used for most login methods (console, sddm, xdm, ssh, to name a few). If you've edited those configs and removed or made it possible to skip pam_elogind then it would fail to register a session with elogind.
How do you know it stops tracking sessions? Are there any logs of elogind-daemon crashing or the pam_elogind module failing in the pam logs?
You can use something like "loginctl list-sessions" to see what its tracking, and test if the daemon is running and/or can start at all. Btw, using 'loginctl' will auto activate the elogind-daemon if it was not running, so if it had crashed or otherwise stopped, it would just start another instance when using the loginctl command.
elogind 246.10 stops incrementing session ID after some uptime (check /var/log/messages*) and even creating new sessions for concurrent SSH logins. Daemon restart doesn't help.
I noticed this happening after manually restarting sshd. The problem was that the restarted sshd inherited the elogin cgroup from the session I had when running /etc/rc.d/rc.sshd restart.
You can check the current cgroup of sshd with (note: for simplicity this and the following examples assume that "pgrep" finds exactly ONE process – if not, you will get errors):
I logged in using serial console and session ID jumped from 88 to 145. Then I rebooted 5.15.63-smp to 5.15.94-smp and ID incrementing works again but now I'm afraid of a potential service restart.
Code:
alias checksids='(cd /proc && for pid in [[:digit:]]*; do if [ -e $pid ]; then sid=`cat $pid/sessionid`; if [ ${sid:-0} -ne 4294967295 ]; then printf "%5i %-16s %4i %-24s %4i\n" $pid `cat $pid/comm` $sid `grep elogind $pid/cgroup` `cat $pid/loginuid`; fi; fi; done)'
and no matter what I try (actually sudo -b bash -c '...'), I can't get rid of session 124. At least not alone, though.
Question of the day: How do I restart a service using sudo so it doesn't inherit /proc/self/sessionid of the shell I'm doing it from?
Update: I logged in using SSH as root and session ID jumped from 124 to 128. Then I restarted a service using sudo (due to /var/log/secure record), logged out, logged in again as root and ID incremented to 129 but I guess it worked just because of root as regular user login behaviour remains unchanged (ID stuck at 124).
Another update: I restarted SSH daemon as root using sudo and the issue seems fixed now (logged in as regular user and got incremented ID) but I want to restart as regular user using sudo, not as root.
Last edited by opty; 03-13-2023 at 08:41 AM.
Reason: Another update
Update: I logged in using SSH as root and session ID jumped from 124 to 128. Then I restarted a service using sudo (due to /var/log/secure record), logged out, logged in again as root and ID incremented to 129 but I guess it worked just because of root as regular user login behaviour remains unchanged (ID stuck at 124).
Looks like you only get a new session id if the sessionid of sshd belongs to a different user than the one who is currently logging in with ssh (restart as root = sessionid of root is stuck, restart as user with sudo = sessionid of sudo-user is stuck). I don't know if i missed that when i initially found my "cgroup" workaround or if something changed the behaviour afterwards.
So far I have only found another rather cumbersome workaround (which probably doesn't play well with sudo either): use /etc/inittab to start an "empty" tmux server (tmux -D) to which you can then connect to restart the services from there. As the server is started by init, it will have no cgroup and no sessionid and this inherits to all tmux-sessions and services restarted from those sessions. 🙈
But I would definitely prefer a way to reset the sessionid like the cgroup.
So far I have only found another rather cumbersome workaround (which probably doesn't play well with sudo either): use /etc/inittab to start an "empty" tmux server (tmux -D) to which you can then connect to restart the services from there. As the server is started by init, it will have no cgroup and no sessionid and this inherits to all tmux-sessions and services restarted from those sessions. 🙈
But I would definitely prefer a way to reset the sessionid like the cgroup.
Another option is to keep the root account from registering elogind sessions with a rule to skip the pam_elogind.so module.
E.g. If you have tty login access then you could modify /etc/pam.d/login to have the following line, right before the pam_elogind.so module is loaded:
The 'sufficient' rule passes, as long as the user authenticating is uid 0. 'quiet' prevents this rule from getting logged in /var/log/secure, which would otherwise be logged on every tty login/logout when this rule tests.
With the 'sufficient' condition, pam exits the current config without running further modules, which should just be the remaining pam_elogind.so module. Order matters so pam_elogind needs to be last, with this rule second last. With that setup, root will skip loading and registering an elogind session on tty logins. Then you can login with a tty as root to start/stop rc.sshd while always keeping sshd unassociated with a elogind/cgroup session.
Kinda hacky but it works. Had some similar sessionid issues with tigervnc a while back which opty linked to. Didn't realize it was the same thing happening here. Not sure if there's an easier way to remove a process from a session id. I guess this is one of the cases where its nice to have an init started service manager that runs outside of elogind's scope.
Looks like you only get a new session id if the sessionid of sshd belongs to a different user than the one who is currently logging in with ssh (restart as root = sessionid of root is stuck, restart as user with sudo = sessionid of sudo-user is stuck).
Yes, session ID increments when login UID changes.
OpenSSH upgraded and I broke it again, fortunately just for root.
If I'm not missing something again, I've now found a solution that does not need the ugly inittab + tmux workaround and also works with sudo. You apparently can't directly change /proc/PID/sessionid, but it will be reset when you unset /proc/PID/loginuid.
Try this extended version of my (simplified) above /usr/local/sbin/rc script:
Note: I'm running slackware64-current, but still with kernel 5.19.16 (kernel-generic-5.19.16-x86_64-1). If it even with /proc/$$/loginuid does not work, then it seems to be due to the kernel version or its configuration?
Last edited by Markus Wiesner; 03-18-2023 at 04:35 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.