Stuff I'm Up To

Technical Ramblings

A Happy Linux Desktop — February 2, 2020

A Happy Linux Desktop

We’ve all been through lots of window managers from Gnome, LXDE, Cinnamon etc. but I think I’ve finally come up with a pretty desktop environment that I’m happy with.

Debian or Ubuntu with Gnome shell and some shell extensions, themes and icons.

First off add the gnome-shell-extensions and gnome-tweaks packages. You may have to restart or logout to get the extension and tweeks to work together. You’ll need to enable the extension for User Themes so you can choose themes under “Appearance”

$ sudo apt install gnome-shell-extensions gnome-tweaks

Then go and download the Qogir GTK3 theme from gnome-look.org.

Now we want some Suru++ icons. I spent a while being lead around making and building, then gave up and used a git clone from https://github.com/gusbemacbe/suru-plus/ instead.

$ git clone https://github.com/gusbemacbe/suru-plus.git
$ cd suru-plus
$ ./install.sh

Call up Gnome tweaks and set the theme/shell to Qogir and your icons to Suru++.

Gnome Keyring and ssh-agent — January 29, 2020

Gnome Keyring and ssh-agent

Every time I fire up a zsh shell terminal in gnome-shell I can’t add my ssh key to an existing ssh-agent instance.

$ ssh-add
Could not open a connection to your authentication agent.

The gnome-keyring-daemon is running, but it just doesn’t seem to set the environment variable SSH_AUTH_SOCK.

I’d have to run ssh-agent and start one listening on a temporary socket and pass the environment settings around terminal sessions. Turns out this is a known issue and the fix is relatively easy.

For zsh add the environment variable to your ~/.zshrc

export SSH_AUTH_SOCK=/run/user/$(id -u)/keyring/ssh

Now any call to ssh-add in a terminal works as expected.

You might want to do the same for other shells in ~/.profile etc.

gdm3 Tweaks — January 15, 2020

gdm3 Tweaks

When setting up a new Debian Gnome it’s nice to make things look the way you want. Here’s a few changes I make to sort out my desktop.

Hide a User from the gdm3 Login Screen

This is how to hide a single user from the login screen – not hide all users. This is different to how it was done in earlier versions.

Create/edit a file with the users login name in /var/lib/AccountsService/users eg.

$ sudo vi /var/lib/AccountsService/users/myuser

Add the following or just change the SystemAccount value to true.

[User]
Language=
XSession=
SystemAccount=true

Put the gdm3 Login Screen on Your Preferred Monitor

When Debian gets installed sometimes my monitors appear the wrong way around and my primary display is monitor 2. In user mode I can change this easy enough, but the gdm login remains the wrong way around.

The process is straight forward. Move things around as your user and then copy your user config to the gdm user. This is Debian-gdm for Buster but may just be gdm on other flavours.

$ sudo cp ~/.config/monitors.xml ~Debian-gdm/.config/

and for Ubuntu

$ sudo cp ~/.config/monitors.xml ~gdm/.config/

polkit-agent-helper-1[6160] —

polkit-agent-helper-1[6160]

After setting up LDAP authentication on my machine things went as expected and I was able to authenticate at the GDM login and sudo from the command line etc. But when I called up a program that required elevated privileges in Gnome the authentication always failed, regardless of the password I used and the dialog looked strange because it didn’t list the user name it wanted the credentials for.

In particular when I opened software packages or timeshift I’d get the authentication dialog and it would fail.

Using journalctl -f and tailing /var/log/auth.log helped me figure out what was going on.

Jan 15 12:41:14 desktop-11 polkit-agent-helper-1[7398]: Jan 15 12:41:14 desktop-11 polkit-agent-helper-1[7398]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1103 euid=0 tty= ruser=someonestrange rhost= user=someonestrange
Jan 15 12:41:14 desktop-11 polkit-agent-helper-1[7398]: pam_ldap: error trying to bind as user "uid=someonestrange,ou=People,dc=domain" (Invalid credentials)

The user it was trying to authenticate as happens to be the first user on our LDAP schema.

Googling around for polkit and how it works I found that the uses that can authenticate are held in the config file /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf

[Configuration]
AdminIdentities=unix-group:sudo

Which seems obvious enough, but now we’re using LDAP and sudo-ldap it’s trying to use members of a local group called sudo. As this has only one member – the first user used to install the local Debian system with, it selected that user. The selected users ID of 1000 was then used by polkit, but the auth process went and used user ID 1000 on LDAP – which is our someonestrange.

At least now I know what’s going on. I could probably fix it by investigating how polkit works and seeing if I could set it to use an LDAP group, but the quickest fix was just to add my LDAP user account to the local sudo group and then I could authenticate in Gnome.

$ sudo gpasswd -a myuser sudo