Hi,

Thanks a lot for your explanations!
I figured I could use a systemd unit as a sort of very thin display manager to
create a second session for my own user. I'll try using the same tty, without
extra sessions, then.
Well, this is just for my home PC... I tried managing user daemons, X, etc. via
systemd --user some time ago, and loved it! I'm just trying to do it in a way
that will not break much as the thing evolves.
I was referring to the systemd --user instance running as user abdo via the
***@.service unit. Then when I started a systemd --user unit containing

User=abdo
PAMName=login

I got the GROUP error I reported. In this case the initgroups() is called as my
unprivileged user abdo because it is the user for which the systemd --user
process is running. Did I miss something? I didn't look at it very carefully,
just guessed the problem and tested a solultion that happened to work.

I understand I shouldn't do the PAM stuff from a systemd --user unit, but the
problem with group privs I encountered in systemd --user instances may still be
an issue.

Abdó Roig.

What about logind/polkit? I.e. if i start nm-applet from ***@user,
than polkit doesn't authenticate it, as it not belong to active session

How (if at all) does this cope with gdm multi-seat? Even if it isn't
possible for the same "real user" to be on more than one seat
simultaneously, if I understand it correctly, I think a multi-seat gdm
setup still wants to be running the greeter (as a system user, e.g.
Debian-gdm on Debian) on each seat.

(One possibility is to have some way for gdm to synthesize new uids, but
that needs OS-integrator-level support, e.g. a reserved uid range;
another is for each seat's greeter to set the necessary pile of extra
environment variables to avoid using the XDG_RUNTIME_DIR much, or at all.)

S

Now updated with various bugfixes. PolicyKit works, the lock screen
works, etc.

However...let me call out one particular change:

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 7b9bd20..2fab003 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -485,6 +485,10 @@ static int bus_manager_create_session(Manager *m, DBusMessage *message) {
}

r = manager_get_session_by_pid(m, leader, &session);
+ if (!session) {
+ /* Fall back to the primary session */
+ r = manager_get_primary_session_by_pid(m, leader, &session);
+ }
if (session) {
_cleanup_dbus_message_unref_ DBusMessage *reply = NULL;
_cleanup_free_ char *path = NULL;

I had to patch logind itself to have pkexec work (and similar would
apply to su/sudo). At this point I think I've patched pretty much all
the interesting session lookup calls to fall back to primary. Perhaps
that's not wrong, but it does give one pause. I could just change
sd_pid_get_session() to do that by default...

Or maybe we should spawn ***@.service from inside the first session,
and treat that as primary; add a new state like "user-linger" that
occurs if the user logs in twice, then closes the first one.

It would feel a lot less architecturally weird too if we changed getty
and ssh logins to behave the same way as gdm - i.e. we have
***@.service, and keep around a dummy process.

So...dunno, it does feel hacky in some ways.

On the other hand, I'm *really* looking forward to being able to just
ssh/VT login into a machine and be able to run e.g. "gdbus monitor" and
"gsettings".

Hi Colin,

I realise this thread may be out-of-date by now, so please excuse me
if I'm commenting on something which has later changed.
Hm, I'm not really happy with the notion of a "primary" session,
particularly as it relies on distinguishing between graphical and
non-graphical sessions (where does the line go between a traditional
VT, systemd-consoled, kmscon, wayland, X,...). And also relying on
something being the "first" sounds like it may become confusing for
the user.

Have you considered taking things one step further, and simply force
at most one logind session per user? This would mean that logging in
as the same user the second time means the new login will join the
already existing session. We then get:

* If at most one of the logins is associated with a seat (and the
rest are remote), things will work just as now.

* If two logins (of the same user) are associated with different
seats, this is not really supported at the moment, so we could ban it,
or we could simply allow it and temporarily merge the two seats and
let the session controller (window manager) deal with how that should
be presented to the user. This would probably mean that we want
logind's interfaces for getting hardware devices should be per-user,
and not per-session.

* If two logins (of the same user) are both associated with the same
seat, we'll have to allow switching between the two apps being the
session controller within the same session (this is a common use-case
for when you login once with consoled and once with mutter, or
something like that).

Cheers,

Tom