[Bug 279669] x11/lightdm does not unlock gnome-keyring since upgrade to 14.1-RELEASE
Date: Thu, 12 Jun 2025 16:52:40 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279669
Jonathan Vasquez <jon@xyinn.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jon@xyinn.org
--- Comment #13 from Jonathan Vasquez <jon@xyinn.org> ---
Hey all, I've also been dealing with gnome-keyring related issues (used to work
a few months ago but for whatever reason I'm unable to get it
(gnome-keyring/thunar/samba) fully working with a fresh install). I'll avoid
going too much into it since it's only tangentially related to this ticket since I
don't use lightdm, however I did do a lot of experimentation with using the
normal "pam_xdg.so" flow and using ck-launch-session, and I can confirm what others
have said regarding the XDG_RUNTIME_DIR being set differently.
One thing I did want to bring up is that I noticed the /var/run/xdg directory
is set to 744 by default, which would prevent the user itself from viewing the
contents of this directory. It should be safe to allow everyone to read that
directory by making it 755. It's safe specifically because every user under
'xdg' has 700 as permissions, so this would mean that every user logged into
that system would be able to view their own contents but no one else's. For
example:
744 /var/run/xdg
700 /var/run/xdg/jon
User 'jon' can't do 'ls /var/run/xdg/jon'. I'm not sure if there are negative
side effects due to this. The only thing I've noticed is a 'gkr-pam: unable to
locate daemon control file' warning, but the file is actually properly created
upon a successful login, and the xdg/jon dir is completely removed upon a log
out. My gnome-keyring's "Login" (and default) keyring seems to be successfully
unlocked, although for w/e reason Thunar can't store the passwords upon a
successful samba login when the "Remember forever" option is set. The gkr-pam
warning happens even if I log into a tty successfully for the user in tty1, and
then switch to tty0 and try to login again with the same user. At that point
the xdg/jon/keyrings/control socket does exist so I would assume the warning to
go away. Not sure how this is working.
Anyways, just an observation regarding those permissions and wanted to confirm
if that's intended behavior. Thank you!
--
You are receiving this mail because:
You are the assignee for the bug.
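
Added example, not part of the original comment or of any FreeBSD code: a small model of the POSIX mode-bit check applied while resolving a path, run over the 744/700 layout from comment #13 and over the proposed 755. The uids and the root:wheel ownership of the parent directories are assumptions made for illustration.

```python
from collections import namedtuple

# One path component: octal mode plus owning uid/gid.
Node = namedtuple("Node", "path mode uid gid")

R, X = 4, 1  # read and search (execute) bits within one rwx triplet

def triplet(node, uid, gids):
    """Pick the single rwx triplet POSIX applies: owner, else group, else other."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def blocked_at(nodes, uid, gids=()):
    """Return the first component that stops `uid` from listing the last
    directory in `nodes`, or None if the listing is allowed."""
    if uid == 0:  # root bypasses mode bits
        return None
    *ancestors, target = nodes
    for node in ancestors:
        if not triplet(node, uid, gids) & X:  # search bit needed on every ancestor
            return node.path
    if not triplet(target, uid, gids) & R:    # read bit needed on the directory itself
        return target.path
    return None

# Constructed sample: uids 1001 (jon) and 1002 (another user) are made up,
# and 0:0 ownership of the parent directories is an assumption.
def tree(xdg_mode):
    return [
        Node("/", 0o755, 0, 0),
        Node("/var", 0o755, 0, 0),
        Node("/var/run", 0o755, 0, 0),
        Node("/var/run/xdg", xdg_mode, 0, 0),
        Node("/var/run/xdg/jon", 0o700, 1001, 1001),
    ]

if __name__ == "__main__":
    for mode in (0o744, 0o755):
        for uid in (1001, 1002):
            print(oct(mode), uid, blocked_at(tree(mode), uid))
```

With 744 the parent grants non-owners read but not search, so resolution stops at /var/run/xdg before the user's own 700 directory is ever consulted; with 755 the only remaining barrier for another user is the 700 on /var/run/xdg/jon.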