When I log in as a non-root user I get an error: Cannot create directory /run/user/1000 Permission denied

I created a custom Yocto image with a non-root user and gave the user sudo access.

When I attempt to log in with that user over ssh I get the following error:

mkdir: cannot create directory '/run/user/1000': Permission denied

I believe this has something to do with Wayland?

inherit useradd

USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-u 1000 \
                       -d /home/user1 \
                       -m -s /bin/bash \
                       -G adm,dialout,sudo,audio,video,plugdev,users,input \
                       -P 'user1' \
                       user1;"

Hardware:
Colibri IMX6ULL

Are you getting this error message on the machine where you are running the SSH client or on the Colibri?

I am getting this message over ssh.

So, the SSH connection works, as I understand.

Yes. The ssh connection works. I just get this error when connecting. And I am not able to run any GUI apps with this user.

Hi @nmohan86 ,

Can you please explain why you need to create a new sudo user? Shouldn’t it be enough to change the root password and then create a new user just to run your application?

Can you please try the following parameters to change the root password and to create a new user?

inherit extrausers

EXTRA_USERS_PARAMS = " useradd user2; \
                       usermod -P test123 user2; \
                       usermod -P 123456 root;"

After this, can you please try again to log in as user2 and check if you receive the same error?

Best regards,
Daniel Morais

I tried the approach above and I am unable to log in as root or user2 via ssh. I get invalid password for both.

Hi,

Can you please share with us the errors you faced?

Also, were you able to log in through the debug UART?

Best regards,
Daniel Morais

I am able to log in via UART as “root” with no password. Via SSH I cannot log in as root or user2 with or without password. When I check /etc/passwd “user2” does not exist in that file.

Hi @nmohan86,

I made a small test where I added the following lines to the layers/meta-toradex-demos/recipes-images/images/tdx-reference-minimal-image.bb file.

inherit extrausers

EXTRA_USERS_PARAMS = " useradd user2; \
                       usermod -P test123 user2; \
                       usermod -P 123456 root;"

After flashing the new image I got the following output when I logged in to the module:

daniel@danielmorais-pc:~$ ssh root@192.168.0.117
root@192.168.0.117's password: 
root@colibri-imx6ull-06738059:~# pwd
/home/root
root@colibri-imx6ull-06738059:~# exit
Connection to 192.168.0.117 closed.
daniel@danielmorais-pc:~$ ssh user2@192.168.0.117
user2@192.168.0.117's password: 
mkdir: can't create directory '/run/user/1000': Permission denied
chmod: /run/user/1000: No such file or directory
colibri-imx6ull-06738059:~$ pwd
/home/user2

I’m investigating the chmod: /run/user/1000: No such file or directory error, but this issue is not blocking access into the module.

Also, as you can see the password was also added correctly.

Can you please confirm that you are making the correct configurations in the correct recipes?

Best regards,
Daniel Morais

I created a new layer and I am updating the user in there. But you are seeing the same error as me. If you try to run a UI app via user2 you will see an error.

Hi,

Good!

I did some tests here, and to solve this issue the correct permissions should be given to the /run/user folder. The instructions in the first answer of this question should work. Can you please try this in userspace and verify whether it solves the problem?

After executing the command chmod g+rwx using the root user, I got the following output when using user2 to log in.

daniel@danielmorais-pc:~$ ssh user2@192.168.0.117
user2@192.168.0.117's password: 
colibri-imx6ull-06738059:~$

I’m looking into the best approach to do this on the Yocto side.

Best regards,
Daniel Morais

Thanks. Looking forward to the Yocto solution.

Hi @nmohan86,

For the Yocto solution, please take a look at this recipe.

Best regards,
Daniel Morais

This is the example I followed. This is what my recipe looks like. What did I miss?

inherit useradd

USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-u 1000 \
                       -d /home/user1 \
                       -m -r -s /bin/bash \
                       -G adm,dialout,sudo,audio,video,plugdev,users,input \
                       -P 'user1' \
                         user1;"

do_install () {

    install -d -m 755 ${D}${sysconfdir}/user
    chown -R user ${D}${sysconfdir}/user
    chgrp -R user ${D}${sysconfdir}/user

    install -d -m 755 ${D}${localstatedir}/log/user
    chown -R user ${D}${localstatedir}/log/user
    chgrp -R user ${D}${localstatedir}/log/user

    install -d -m 755 ${D}${bindir}/user
    chown -R user ${D}${bindir}/user
    chgrp -R user ${D}${bindir}/user

    install -d -m 755 ${D}${libdir}/user
    chown -R user ${D}${libdir}/user
    chgrp -R user ${D}${libdir}/user

}

FILES_${PN} += "${sysconfdir}/user"
FILES_${PN} += "${localstatedir}/log/user"
FILES_${PN} += "${bindir}/user"
FILES_${PN} += "${libdir}/user"

Hi Daniel, I put my recipe down below. Can you please advise what I am missing?

Hi @nmohan86,

You need to set the correct permissions on the /run/user directory. Please try adding the same commands you set, but for the correct directory.

Another alternative is creating a recipe that enables a service that is run only at the first boot. You can see this question as a reference. The idea here is that this service would configure the permissions for the /run/user directory.

Best regards,
Daniel Morais

So it seems like after reboot /run/user always defaults to root for owner and group. I guess I need to run a script on startup every time which changes the group and owner to my custom one.

Also when I try to run my UI with user2 after modifying permissions to /run/user I get the following error:

I figured out the Yocto solution.

On boot, the /etc/profile.d/wayland-env.sh script is executed, which configures the environment variables.

This script is configured in recipes-core/base-files and needs to be updated to add “sudo” before mkdir and chmod.

With this you will no longer get the error when trying to log in via the custom user, assuming the user is part of the sudo group.
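
A check that can be run after any of the fixes discussed in this thread (an added example, not code from the original posts or from Toradex): the XDG Base Directory specification requires the per-user runtime directory to be owned by that user with mode 0700. The function name `check_runtime_dir` and the temporary demo directories are assumptions for illustration; on the target you would pass /run/user/1000.

```shell
#!/bin/sh
# Added example: verify that a per-user runtime directory meets the
# XDG Base Directory requirements (owned by the user, mode 0700).

# check_runtime_dir DIR [UID]
# Prints one line per problem found; returns 0 only if DIR is acceptable.
check_runtime_dir() {
    dir=$1
    want_uid=${2:-$(id -u)}
    rc=0

    if [ -L "$dir" ]; then
        echo "$dir: is a symlink, refusing to follow"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: missing or not a directory"
        return 1
    fi

    # stat -c is available in both GNU coreutils and BusyBox
    owner=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")

    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, expected $want_uid"
        rc=1
    fi
    if [ "$mode" != "700" ]; then
        echo "$dir: mode $mode, expected 700"
        rc=1
    fi
    return $rc
}

# Constructed demo: throwaway directories stand in for /run/user/1000
demo_base=$(mktemp -d)
mkdir -m 0700 "$demo_base/good"
mkdir -m 0775 "$demo_base/group_writable"   # group-accessible, for contrast

check_runtime_dir "$demo_base/good" && echo "good: ok"
check_runtime_dir "$demo_base/group_writable" || echo "group_writable: rejected"
check_runtime_dir "$demo_base/absent" || echo "absent: rejected"
```
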