System degraded because user@0.service

robang74 · 25 June 2023 15:51

I did this

~]# systemctl --failed

  UNIT                   LOAD   ACTIVE SUB    DESCRIPTION              
● lxc@multi-user.service loaded failed failed LXC Container: multi-user
● user@0.service         loaded failed failed User Manager for UID 0

then this

~]# systemctl status user@0.service

● user@0.service - User Manager for UID 0
   Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset: enabled)
  Drop-In: /usr/lib/systemd/system/user@.service.d
           └─oneshot-user-privileged.conf
   Active: failed (Result: exit-code) since Sun 2023-06-25 10:55:07 CEST; 4s ago
  Process: 30963 ExecStartPre=/usr/lib/startup/validate-user 0 (code=exited, status=1/FAILURE)

Jun 25 10:55:07 Sueza11 systemd[1]: user@0.service: Service hold-off time over, scheduling restart.
Jun 25 10:55:07 Sueza11 systemd[1]: user@0.service: Start request repeated too quickly.
Jun 25 10:55:07 Sueza11 systemd[1]: user@0.service: Failed with result 'exit-code'.

therefore, I have tried this

~]# /usr/lib/startup/validate-user 0

/usr/lib/startup/validate-user checking  0
Preventing session start for 0

then make a check adding the root into group users:

~]# usermod -a -G users root

and after all the appropriate services restarted an option to login as root at the bottom of the top menu appereared. Obviously, it was not what I want and I removed root form the group of users.

~]# gpasswd -d root users

Finally, I have applied this patch:

--- /usr/lib/startup/validate-user.orig
+++ /usr/lib/startup/validate-user
@@ -7,6 +7,7 @@
 [ -z "$1" ] && echo "$0 missing UID" && exit 1
 echo "$0 checking  $1"
 UNAME=$(getent passwd $1 | cut -d ":" -f1)
+[ "$UNAME" = "root" ] && exit 0  #<-- This check/exit condition added
 UGROUPS=$(groups $UNAME | grep -w users)
 if [ -z "$UNAME" ] || [ -z "$UGROUPS" ]; then
     echo "Preventing session start for $1"

and after all the appropriate services restarted, everything seems fine.

QUESTIONS

Before doing a patch for fixing validate-user script, I wish your feedback:

does it happen also in your 4.5.0.19 to have the system degraded about user@0.service?

moreover

does it happen also in your 4.5.0.19 to have the system degraded about lxc@multi-user.service?