.Xauthority issue- users cannot log in if they have a home directory

chrisr710 · 11-17-2018, 02:10 AM

Hello:
I am running ubuntu 16.04.4 LTS
and using LXDM as a Display Manager.
As soon as I create a home directory for a user, they cannot log in via the GUI. The password is accepted, but logins are spit right back to the greeter screen. The same user can log in via terminal or ssh with no issues. Looking at auth.log I see the entry:
session opened for user LogAdmin by (uid=0)
Nov 17 01:03:33 MECKSYSLOG lxdm-session: pam_unix(lxdm:session): session opened for user LogAdmin by (uid=0)
Nov 17 01:03:33 MECKSYSLOG lxdm-session: pam_systemd(lxdm:session): Cannot create session: Already running in a session
Nov 17 01:03:33 MECKSYSLOG lxdm-session: pam_unix(lxdm:session): session closed for user LogAdmin .
If I remove the user's home directory, they can log in without issue. I suspect it's the .Xauthority "cookie" that is causing my issue. I have tried reboots, creating new users, etc, but the consistent issue is that as soon as the user has a home directory, the .Xauthority file goes in there and the user cannot log in.
Any help is appreciated!!

BW-userx · 11-17-2018, 07:00 PM

is this a server type setup? more than one loggin at a time? might be needing to switch ttys for each user login

chown username:usergroup .Xauthority
in there home and try it.

ondoho · 11-18-2018, 03:57 AM

you should probably use the gui utilities provided by ubuntu to create a new user.

chrisr710 · 11-19-2018, 01:02 PM

Thanks for your replies (both)
I am in an environment where I have to add some users with shell scripts and there are some custom perms required, so it is unfortunate that I can't use all the built-in Ubuntu methods. Thank you for that advice...

I have gotten a bit further and I have now discovered that my users have to be a member of the "root" group in order to log in (to the desktop, all users can log in fine to a terminal).

I tried changing the permissions on the home directory to user:user, and when that didn't work changed perms on all files and directories inside the homedir to user:user. No change to the original problem.

What DID work was adding the user to the root group. Invariably, if I add a user to the root group, they can log in (whether they have a home dir or not). I notice that the .Xauthority cookie gets created when they log in and is assigned the correct permissions (user:user) in the home directory.

So, I imagine that users which are not members of the root group are lacking privileges to a file somewhere which they need to be able to access in order to log in. Still looking for that file.

BW-userx · 11-19-2018, 01:13 PM

that does not make any sense at all, no one but root should be root group,

ask yourself how are others logging into ttys while not being in the root group?

if I set up my laptop to login using two ttys and gui for booth if memory serves me right, I can switch ttys login as someone else and start a desktop without issues. sorry I do not know all of the nooks and crannies of how this works. but having to put each user in the root group just does not sound correct to me, but I could be wrong.

chrisr710 · 11-19-2018, 08:52 PM

Well,
Thanks VERY much for your help. The bottom line was that inside the scripts which are executed after the greeter ( specifically /etc/X11/XSession line 66) there is a chmod command run on an error file (line 66 of that script). For security purposes, I had restricted the use of chmod to only members of the root group.Since the script is run as the user (not root) it would error out because it couldn't run chmod, and the login would abort.

If the user did not have a home dir, then the file didn't exist, and chmod was not attempted. Thus, users (1)with a home directory who (2)were not members of root could not log in.

Apparently users need to have chmod abilities in this environment, in order to start a session. Good to know.