Earlier this week, I bought a new laptop. More on that once I’ve had a little more time to use it. But I wanted to share two things that I learned while setting it up. The first is straightforward: I really regret not putting effort into getting key configs (like users) into Ansible so that I didn’t have to do stuff by hands. The second requires some storytelling.
I installed Fedora 26 (KDE spin) and everything seemed good. I created accounts for my wife and me and then called it a night because I was tired. The next day, I wanted to get a little more configuration done, so I tried to log in. My password was accepted, but it immediately returned me to the login screen. So I logged in to a text console. That worked fine. I tried logging in to KDE as root. It worked. It had to be something about my account.
So I asked the trusty journal what was wrong. I saw messages like this:
Oct 05 18:04:44 holton sddm-helper[2770]: Starting: "/etc/X11/xinit/Xsession /usr/bin/startkde"
Oct 05 18:04:44 holton audit[2787]: AVC avc: denied { write } for pid=2787 comm="sddm-helper" name="bcotton" dev="dm-3" ino=5242881 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unco
Oct 05 18:04:44 holton sddm-helper[2787]: Could not open stderr to "/home/bcotton/.cache/xsession-errors"
Oct 05 18:04:44 holton audit[2787]: AVC avc: denied { write } for pid=2787 comm="sddm-helper" name="bcotton" dev="dm-3" ino=5242881 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unco
Oct 05 18:04:44 holton kernel: sddm-helper[2787]: segfault at 0 ip 00007fc1e8f97b1e sp 00007ffc7a29d1e0 error 4 in libc-2.25.so[7fc1e8f25000+1c7000]
Oct 05 18:04:44 holton audit[2787]: ANOM_ABEND auid=47703 uid=47703 gid=500 ses=5 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 pid=2787 comm="sddm-helper" exe="/usr/libexec/sddm-helper" sig=11 res=
Oct 05 18:04:44 holton sddm-helper[2787]: Opening the Xauthority file at "/home/bcotton/.Xauthority" failed
Oct 05 18:04:44 holton sddm-helper[2770]: pam_unix(sddm:session): session closed for user bcotton
I checked to make sure my home directory existed. It did.
I checked to make sure I could write to it. I could.
I turned off Selinux. No help.
A forum post suggested removing the sddm package and using kdm instead. It didn’t help.
I created a new user. It could log in. What was going on?
Well at one point, I noticed that when I did an ls -l
on /home
, my home directory showed a numeric group ID instead of a name. Ah ha! When I created the users, I used KDE’s user management GUI. It auto-created a group with a GID that matched the UID of the account. But I didn’t want that group, so I deleted it and made another group my default. But by that point, the home directory had already been created, so it was owned by the group that no longer exists.
After I changed the group ownership, it worked just fine. I should have just used the useradd command to begin with since I could have made it work the way I intended. Or I could have used a configuration management tool to do it for me. Maybe that will be my next project…