help-guix
Re: swaylock does not accept my correct password and fails to unlock


From: Remco van 't Veer
Subject: Re: swaylock does not accept my correct password and fails to unlock
Date: Fri, 22 Dec 2023 08:56:20 +0100
User-agent: mu4e 1.10.8; emacs 29.1

Hi,

This looks like a problem I had in June of this year.  Something to do
with swaylock needing pam stuff instead of setuid.  I fixed it by
removing the setuid on swaylock and adding the following service:

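  ;; service-type and service-extension come from (gnu services);
  ;; pam-root-service-type, pam-service and pam-entry from (gnu system pam).
  (use-modules (gnu services) (gnu system pam))

  ;; Extends the PAM root service so that /etc/pam.d/swaylock is generated.
  ;; Instantiate with (service swaylock-service-type) in the services field.
  (define swaylock-service-type
    (service-type
     (name 'swaylock)
     (description "Swaylock needs /etc/pam.d/swaylock configuration.")
     (extensions
      (list
       (service-extension pam-root-service-type
                          (lambda (_)
                            (list
                             (pam-service
                              (name "swaylock")
                              (auth
                               (list
                                ;; Reuse the auth stack of the "login" service.
                                (pam-entry (control "include")
                                           (module "login"))))))))))
     (default-value #f)))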

This works for me but I am not sure it's still needed.  I am pretty sure
swaylock does not like to be setuid anymore.

A way to figure out what is wrong on your system would be to just run
swaylock from something like xterm and capture all output somewhere to
review later.  It will probably utter some complaints to stdout or
stderr.

Cheers,
Remco


2023/12/21, Oleander via:

> Hello,
> has anyone had any problem with swaylock/swaylock-effects recently?
> They don't accept my correct password when trying to unlock.
>
> I use the following lockscreen.sh and system.scm:
>
> @example
> #!/bin/sh
>
> # Times the screen off and puts it to background
> swayidle \
> timeout 60 'swaymsg "output * dpms off"' \
> resume 'swaymsg "output * dpms on"' &
>
> # Locks the screen immediately
> swaylock --clock --indicator --screenshots --effect-scale 0.4 \
> --effect-vignette 0.2:0.5 --effect-blur 4x2 --datestr "%a %e.%m.%Y" \
> --timestr "%k:%M"
>
> # Kills last background task so idle timer doesn't keep running
> kill %%
> @end example
>
> @example
> ;; Guix config with swaywm, encrypted with LUKS
>
> (use-modules
> (gnu) (gnu system nss) (gnu system setuid))
> (use-service-modules
> dbus desktop networking sddm sound ssh)
> (use-package-modules
> certs
> compression
> disk
> emacs
> finance
> fonts
> fontutils
> freedesktop
> glib
> games
> gnome
> gnupg
> gnuzilla
> gtk
> haskell-xyz
> image
> linux
> package-management
> password-utils
> pulseaudio
> rsync
> ruby
> ssh
> terminals
> tex
> texinfo
> version-control
> wm)
>
> (operating-system
> (host-name "t420")
> (timezone "Europe/Rome")
> (locale "en_US.utf8")
>
> ;; Keyboard layout.
> (keyboard-layout (keyboard-layout "us"))
>
> ;; Bootloader
> (bootloader (bootloader-configuration
> (bootloader grub-bootloader)
> (terminal-outputs '(console))
> (targets (list "/dev/sda"))
> (keyboard-layout keyboard-layout)))
>
> ;; Specify a mapped device for the encrypted root partition.
> ;; The UUID is that returned by 'cryptsetup luksUUID'.
> (mapped-devices
> (list (mapped-device
> (source (uuid "8022876e-e0cc-4ec5-8363-0f07c590cdbc"))
> (targets (list "guix-root"))
> (type luks-device-mapping))))
>
> (file-systems
> (append
> (list (file-system
> (device (file-system-label "guix-root"))
> (mount-point "/")
> (type "ext4")
> (dependencies mapped-devices)))
> %base-file-systems))
>
> (swap-devices (list
> (swap-space (target "/swapfile"))))
>
> ;; Define users and groups.
> (users
> (cons (user-account
> (name "oleander")
> (comment "")
> (group "users")
> (home-directory "/home/oleander")
> (supplementary-groups '("wheel" "netdev"
> "audio" "video" "input")))
> %base-user-accounts))
>
> ;; Sudoers
> (sudoers-file
> (plain-file "sudoers" "\
> %root ALL=(ALL) ALL
> %wheel ALL=(ALL) ALL
> %wheel ALL=(ALL) NOPASSWD: /run/current-system/profile/sbin/reboot\n"))
>
> ;; This is where we specify system-wide packages.
> (packages
> (append
> (list
> adwaita-icon-theme
> alacritty
> at-spi2-core
> dbus
> emacs
> font-awesome
> fontconfig
> font-dejavu
> font-gnu-unifont
> fzf
> git
> gnupg
> grim
> gtypist
> icecat
> keepassxc
> ledger
> nss-certs
> openssh-sans-x
> pandoc
> parted
> pass-otp
> password-store
> pavucontrol
> pinentry
> pulseaudio
> rsync
> ruby-asciidoctor
> slurp
> stow
> sway
> swayidle
> swaylock-effects
> texinfo
> texlive-base
> unzip
> waybar
> xdg-utils
> zip)
> %base-packages))
>
> ;; Some programs need to run with “root” privileges, even when they
> ;; are launched by unprivileged users
> (setuid-programs (cons*
> (setuid-program
> (program
> (file-append swaylock-effects "/bin/swaylock")))
> %setuid-programs))
>
> ;; Services
> (services
> (cons*
> (service alsa-service-type
> (alsa-configuration
> (pulseaudio? #t)))
> (service dbus-root-service-type)
> (service elogind-service-type)
> (service openssh-service-type
> (openssh-configuration
> (openssh openssh-sans-x)
> (port-number 22)
> (password-authentication? #f)
> (permit-root-login 'prohibit-password)
> (authorized-keys
> `(("oleander" ,(local-file "/home/oleander/.ssh/authorized_keys"))))))
> (service polkit-service-type)
> (service sddm-service-type
> (sddm-configuration
> (auto-login-user "oleander")
> (display-server "wayland")))
> ;; Static networking for one NIC, IPv4-only.
> (service static-networking-service-type
> (list (static-networking
> (addresses
> (list (network-address
> (device "wlp1s0")
> (value "192.168.1.200/24"))))
> (routes
> (list (network-route
> (destination "default")
> (gateway "192.168.1.1"))))
> (name-servers '("1.1.1.1" "1.0.0.1")))))
> (service wpa-supplicant-service-type
> (wpa-supplicant-configuration
> (config-file "/etc/wpa-supplicant/wpa-supplicant.conf")
> (interface "wlp1s0")))
> %base-services))
>
> ;; Allow resolution of '.local' host names with mDNS.
> (name-service-switch %mdns-host-lookup-nss))
> @end example
>
> Also, do you have any suggestion to improve my code? One thing I never
> figured out is how to log in to the system automatically without a
> display manager.
>
> I found this config
> https://gitlab.com/mbakke/guix-sway-example/-/tree/master but I don't
> know if it still works and I need some time to study/understand the
> code before merging some of it into my config without creating a mess.
>
> Thank you
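
The checks discussed in this thread, as an added shell example (not part of the original messages and not Guix or swaylock code): it reports whether a given swaylock binary carries the setuid bit, whether a PAM service file named swaylock with an auth entry exists, and runs a command with stdout and stderr captured to a log. The function names, the `--check` argument and the optional PAM directory argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# is_setuid FILE: succeeds if FILE has the setuid bit set.
is_setuid() {
    [ -u "$1" ]
}

# pam_has_auth FILE: succeeds if the PAM service file is readable and
# contains at least one non-comment "auth" entry.
pam_has_auth() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*-?auth[[:space:]]' "$1"
}

# check_swaylock BINARY [PAM_DIR]: print one finding per line.
# Returns 0 if nothing needs attention, 1 on findings, 2 if BINARY is missing.
check_swaylock() {
    bin=$1
    pam_file=${2:-/etc/pam.d}/swaylock
    rc=0
    if [ ! -f "$bin" ]; then
        echo "missing: $bin is not a regular file"
        return 2
    fi
    if is_setuid "$bin"; then
        echo "setuid: $bin has the setuid bit set"
        rc=1
    fi
    if ! pam_has_auth "$pam_file"; then
        echo "pam: $pam_file is missing or has no auth entry"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok: no setuid bit, PAM auth entry present"
    fi
    return "$rc"
}

# run_logged LOG CMD...: run CMD, appending stdout and stderr to LOG.
run_logged() {
    log=$1
    shift
    "$@" >>"$log" 2>&1
}

# Stand-alone use: sh this-file --check
if [ "${1:-}" = "--check" ]; then
    check_swaylock "$(command -v swaylock)"
fi
```

After sourcing the file, `run_logged "$HOME/swaylock.log" swaylock` starts the locker from a terminal and keeps whatever it writes to stdout or stderr for later review.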


