On Mon, Apr 3, 2017 at 11:20 PM, Christian Einfeldt einfeldt@gmail.com wrote:
Hi,
I am experiencing a very strange thing for which there are no ready answers by googling. I am a volunteer for a non-profit which puts GNU-Linux computers in low income shelters. They are stand-alone machines connected directly to the Internet via a hub on a dedicated ethernet cable.
The shelters don't want the users to be able to store anything directly to the machine's hard drive. To give them that functionality, we ask them to use the guest session, which wipes out all data by default when the session ends.
Right now, however, we are experiencing a failure of logging into the guest session. Normally, you just choose the guest session in the Lubuntu login screen, and hit enter, and it boots up a full guest session. No password is required.
Now, when I chose the guest session and hit enter, the system appears to head toward a normal login, but then quickly fails and returns to the login screen.
The system's SU admin account is performing normally. To get into the admin account, I just choose it in the login screen, enter the password, and the admin session boots up normally.
This whole thing is very strange, and I have never seen anything like it before. We are using 14.04 on 13 machines with identical or similar hardware and are not having any such problems. This email is being written on one of those such machines, and the guest session works just fine.
I ran updates on the malfunctioning machines, rebooted, no joy.
Thanks very much in advance.
In case anyone was curious as to what happened with this, I finally had some time to sit down on site this evening and do some debugging.
Some background as to how the guest logins work in Lubuntu: A guest-XXXXX (random characters) user is created upon login, which is used throughout the session. It is then deleted when the user logs out.
After some red herrings in the auth logs (mostly PAM errors around KDE and Gnome keyrings), I did some digging in the lightdm logs. Eventually I noticed the UID of the guest account trying to be created was the same every time a login attempt was made: 999. Odd. So I looked in /etc/passwd and noticed that there were hundreds of guest-XXXXX accounts. That's no good!
Turns out, at some point the /etc/subgid.lock file got stuck in an existing state (wasn't deleted when the lock concluded), which meant the command to delete the user was not completing successfully upon logout. Users were piling up and never being deleted. Once the UIDs hit 999 it was failing to create new guest users, so the login would fail. I quick mv (rm didn't work) of the subgid.lock file and a script to delete all the guest accounts got us going again.
I'm considering my options to get us out of this reoccurring issue in the future. I'm thinking of just a cron job on each machine that checks for a subgid.lock file sticking around for more than a couple days and moving it out of the way, but I'll sleep on it. More clever suggestions welcome ;)