Rpm-ostree permissions lost after adding kerberos packages

Typically, as the primary user, and a user in wheel, I can run rpm-ostree without sudo.

However, it appears after adding packages for kerberos login, I'm seeing some inconsistencies. The packages I added are:

  • oddjob
  • oddjob-mkhomedir
  • samba-common-tools

Whenever I log in to a new session, I get this popup:


I get this same popup whenever I try to run rpm-ostree without sudo, which was previously not an issue.

I also see a warning/error in rpm-ostree status:

State: idle
warning: Failed to query journal: couldn't find current boot in journal
AutomaticUpdates: stage; rpm-ostreed-automatic.timer: no runs since boot
● ostree://fedora:fedora/33/x86_64/silverblue
                   Version: 33.20210208.0 (2021-02-08T00:58:46Z)
                BaseCommit: 655b20930843360a5945a2711de72d9085b94a05a627d..
              GPGSignature: Valid signature by 963A2BEB02009608FE67EA4249FD..
           LayeredPackages: fedora-workstation-repositories kmod-nvidia oddjob oddjob-mkhomedir samba-common-tools xorg-x11-drv-nvidia

It is important to note that initially, after adding the packages, my primary/local user lost access to “sudo” entirely. While my /etc/group file looks standard (for Silverblue), and my primary/local user account is in wheel, I was not able to use sudo for any task, and therefore was heavily restricted on my system after adding the kerberos packages. I had to rd.break and update root since I had not previously configured a root password. Then I manually added my local/primary user directly to sudoers. Now, I can run sudo, but as I said, some permissions appear to be “off” considering I am getting the authentication pop-up for upgrades for “Administrator”/root user instead of for my local/primary user.

So, I suspect something is wrong with “wheel” after adding the kerberos packages. Is someone aware how I can fix these permissions when the kerberos packages are present?

I think I resolved it. I’m not sure how, but I believe it happened after I added adm to /etc/group like so:

# grep -E '^adm:' /usr/lib/group >> /etc/group
# usermod -aG adm myuser

Now, I don’t see the “update software” pop-ups and “rpm-ostree upgrade” works without sudo.

I guess that was a simple oversight on my part. I usually expect wheel to do the heavy lifting, but it’s likely some tasks are tied to adm.
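An idempotent form of the two commands in the post above, as an added example that is not part of the original post: it copies a group's entry from a /usr/lib/group-style file into an /etc/group-style file only when the entry is missing, so a repeated run does not append a duplicate line, and it checks whether a user is listed as a member. The function names are hypothetical, and the files it runs on are constructed temporary copies, not the live system files.

```shell
#!/bin/sh
# Added example. Paths are parameters so the logic runs on constructed
# copies instead of the live /usr/lib/group and /etc/group.

# group_entry FILE GROUP: print the line of FILE that defines GROUP.
# Exit status is non-zero when FILE has no such group.
group_entry() {
    awk -F: -v g="$2" '$1 == g { print; found = 1; exit }
                       END { exit !found }' "$1"
}

# ensure_local_group GROUP LIB_FILE ETC_FILE
# Copy GROUP's entry from LIB_FILE to ETC_FILE unless ETC_FILE already
# defines it. Returns 1 when neither file knows the group.
ensure_local_group() {
    if group_entry "$3" "$1" >/dev/null; then
        return 0    # already present: appending again would duplicate it
    fi
    entry=$(group_entry "$2" "$1") || return 1
    printf '%s\n' "$entry" >> "$3"
}

# user_in_group USER GROUP FILE: succeed when USER appears in the
# comma-separated member field (4th field) of GROUP in FILE.
user_in_group() {
    group_entry "$3" "$2" | awk -F: -v u="$1" '
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }'
}

# Demo on constructed sample files (not real system data).
demo_dir=$(mktemp -d)
printf 'root:x:0:\nadm:x:4:\nwheel:x:10:\n' > "$demo_dir/lib_group"
printf 'wheel:x:10:myuser\n' > "$demo_dir/etc_group"

ensure_local_group adm "$demo_dir/lib_group" "$demo_dir/etc_group"
ensure_local_group adm "$demo_dir/lib_group" "$demo_dir/etc_group"  # no-op
echo "adm lines in etc_group: $(grep -c '^adm:' "$demo_dir/etc_group")"

if user_in_group myuser adm "$demo_dir/etc_group"; then
    echo "myuser is in adm"
else
    echo "myuser is not in adm yet (usermod -aG adm myuser would add it)"
fi
rm -rf "$demo_dir"
```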

