Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After os_hardening user@1000.service fails on Debian #613

Open
graudeejs opened this issue Dec 28, 2022 · 0 comments
Open

After os_hardening user@1000.service fails on Debian #613

graudeejs opened this issue Dec 28, 2022 · 0 comments
Labels
bug

Comments

@graudeejs
Copy link

graudeejs commented Dec 28, 2022
edited

Description

After executing os_hardening role on Debian servers user@UID.service fails after server reboot. In my case my user has UID 1000, so user@1000.service fails.

-- Boot af0d58da83704a77894a9f5655c15372 --
Dec 28 17:11:48 upc-pl-pg-01 systemd[1]: Starting User Manager for UID 1000...
Dec 28 17:11:48 upc-pl-pg-01 systemd[659]: pam_unix(systemd-user:session): session opened for user graudeejs(uid=1000) by (uid=0)
Dec 28 17:11:48 upc-pl-pg-01 systemd[659]: Failed to determine supported controllers: No such process
Dec 28 17:11:48 upc-pl-pg-01 systemd[659]: Failed to allocate manager object: No such process
Dec 28 17:11:48 upc-pl-pg-01 systemd[1]: user@1000.service: Main process exited, code=exited, status=1/FAILURE
Dec 28 17:11:48 upc-pl-pg-01 systemd[1]: user@1000.service: Failed with result 'exit-code'.
Dec 28 17:11:48 upc-pl-pg-01 systemd[1]: Failed to start User Manager for UID 1000.

Reproduction steps

1. Create new Debian server (Debian 10 or 11).
2. Deploy os_hardening role
3. reboot server
4. SSH into server and run `systemctl list-units --failed` to see, which services failed

Current Behavior

user@UID.service service fails after server reboot post os_hardening

Expected Behavior

user@UID.service service keeps working after server reboot post os_hardening

OS / Environment

Debian 10, Debian 11

Ansible Version

ansible [core 2.14.0]
  config file = /home/graudeejs/src/graudeejs-infra/ansible.cfg
  configured module search path = ['/home/graudeejs/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /nix/store/658lm2cpsm085jpql2y4583gl7nddggw-python3.10-ansible-core-2.14.0/lib/python3.10/site-packages/ansible
  ansible collection location = /home/graudeejs/src/graudeejs-infra/collections
  executable location = /nix/store/658lm2cpsm085jpql2y4583gl7nddggw-python3.10-ansible-core-2.14.0/bin/ansible
  python version = 3.10.8 (main, Oct 11 2022, 11:35:05) [GCC 11.3.0] (/nix/store/lbn7f0d2k36i4bgfdrjdwj7npy3r3h5d-python3-3.10.8/bin/python3.10)
  jinja version = 3.1.2
  libyaml = True

Collection Version

8.4.0

Additional information

The issue is not specific to Ansible version.
The issue has been around for a long time (first noticed in 7.14.1, but possibly was present before that).
@graudeejs graudeejs added the bug label Dec 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@graudeejs