search

systemd / systemd

The systemd System and Service Manager
https://systemd.io
GNU General Public License v2.0
13.26k stars 3.79k forks source link

headless piping into run0 authentication error, "Failed to start transient service unit: Interactive authentication required." #35018

Open greyltc opened 4 days ago

greyltc commented 4 days ago

systemd version the issue has been seen with

256.7

Used distribution

Arch Linux

Linux kernel version used

6.11.6-arch1-1

CPU architectures issue was seen on

x86_64

Component

systemd-run

Expected behaviour you didn't see

I expect that if I ssh into my headless server and do echo "ls -al /root" | run0 bash as a non-root user, then it should work just like it would if I replaced run0 with sudo, i.e. I should get a prompt to enter my password and then get a listing of the /root directory

Unexpected behaviour you saw

On my headless server as user in wheel group (unexpected behavior):

$ echo "ls -al /root" | run0 bash
Failed to start transient service unit: Interactive authentication required.

Expected behavior you saw

On my headless server as root user (expected behavior):

# echo "ls -al /root" | run0 bash
total 0
drwxr-x--- 1 root root   0 Nov  4 18:20 .
drwxr-xr-x 1 root root 122 Nov  4 18:20 ..

In the console on my GNOME desktop computer as a user in wheel group (expected behavior):

$ echo "ls -al /root" | run0 bash
# UI prompt window appears now asking for my password, and after entering it
total 0
drwxr-x--- 1 root root   258 Oct 30 00:40 .
drwxr-xr-x 1 root root   136 May  8 20:52 ..

On my headless server as a user in wheel group using sudo in place of run0 (expected behavior):

$ echo "ls -al /root" | sudo bash
[sudo] password for user:
total 0
drwxr-x--- 1 root root   0 Nov  4 18:20 .
drwxr-xr-x 1 root root 122 Nov  4 18:20 ..

On my headless server as a user in wheel group, running the command directly instead of piping it into bash (expected behavior):

$ run0 ls -al /root
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to manage system services or other units.
Authenticating as: user
Password: 
==== AUTHENTICATION COMPLETE ====
total 0
drwxr-x--- 1 root root   0 Nov  4 18:20 .
drwxr-xr-x 1 root root 122 Nov  4 18:20 ..

Steps to reproduce the problem

  1. Use Arch Linux (doubtful that distro matters, though I haven't tested others) without a desktop environment installed
  2. run echo "ls -al /root" | run0 bash as a non-root user

Additional program output to the terminal or log subsystem illustrating the issue

No response

greyltc commented 4 days ago

Sorry, this might already be addressed. I couldn't find https://github.com/systemd/systemd/pull/34891 and https://github.com/systemd/systemd/issues/33033 in my search

Edit: maybe that stuff's not relevant here, I'm not sure!

poettering commented 3 days ago

we currently spawn the polkit agent only if stdin is not a pipe. I guess this is what triggers this.

we could probably change that to see if we have a controlling terminal instead, and then reopen /dev/tty and operate on that, so that this always works, even when part of a shell pipeline