Skip to content

Sometimes being on the bleeding edge you get cut.

January 10, 2010

While Sun Ray and OpenSolaris build 130 are functional they are not happy. In particular the changes to gdm have resulted in many of the functions of the Sun Ray software not working. Small things like utwho(1) no longer work.

More importantly the login scripts running as the user “gdm” have stopped my scripts that adjust the user shares and stop firefox when users disconnect from working. Since this results in the system being 100% busy all the time an urgent workaround was required.

The workaround uses lots of undocumented features, so I don’t expect it to keep working long term but at least it will keep me going until the next upgrade.

The problem of not running as root is trivially solved by using RBAC and then calling utaction via pfexec(1) adding these lines to each of the files:

root@pearson:/root# egrep /etc/security/*_attr 
/etc/security/prof_attr:GDM:::Do not assign to users. Profile for GDM so it can run utaction as 

Then using usermod to add the GDM profile to the gdm user:

root@pearson:/root# usermod -P GDM gdm

The now the utaction you call from your PostLogin script will be run as root. However instead of passing in the user name, which when the PostLogin script runs you don’t know, pass in the name of the Sun Ray session_proc file and read the UID out of there. I have:

function read_session_proc { 
        typeset IFS="="
        typeset key val
        while read key val
                 if [[ "$key"="uid" ]]
                         typeset IFS=:
                         typeset u spam
                         getent passwd $val | read u spam
                          print $u
if [[ "${1#/}" != $1 ]] && [[ -f $1 ]]
        USER=$(read_session_proc < $1) 

In the adjust shares scripts and this in the PostLogin script (/etc/opt/SUNWut/gdm/SunRayPostLogin/Default):

# ident "@(#)        1.1 04/05/06 SMI" 
LOGNAME=/tmp/SUNWut/session_proc/$d /usr/bin/ctrun -l child -i none /usr/bin/pfexec /opt/SUNWut/bin/utaction -i -c "$AD $LOGNAME 50" -d "$AD $LOGNAME" &

Update: I have added the ctrun otherwise if any of the actions called by utaction dump core then everyone gets logged out. Clearly the core dumps need to be resolved but there is no reason to log everyone out.


From → Solaris

  1. Joshua M. Clulow permalink

    How do you find the memory usage of the new GDM? I feel like it might have increased dramatically — on a box with 1GB of RAM six DTUs firing up and displaying the greeter brings the machine to its knees.

  2. 6 DTUs and 1GB of RAM! I’m surprised it ever worked. I have 8GB of RAM and "only" 5 DTUs and I’ve not noticed a memory problem. However the CPU consumption due to lack of Fair Share Scheduler tweeks and not stopping detached firefox sessions has dominated the system until I implemented this fix.

  3. Joshua M. Clulow permalink

    It was a temporary test VM and most of the DTUs are inactive which is why swap death as soon as they spawned greeters was a bit of a shock. dtlogin (and even the old GDM) seemed to have a much lighter footprint.

  4. Wayne Smith permalink

    How did you get that combo to work (b130 and SRSS 4.2)? I gave up as my DTU was stuck after assigning an IP address. Do you have some install notes to share?

  5. I seem to have failed to blog that bit. Sorry.
    I did all of this. Not sure the GL fix is needed for Sun Ray but it was needed for the console session while I debugged this.
    ln -s /usr/lib/xorg/ /opt/SUNWut/lib
    ln -s /usr/lib/xorg/ /opt/SUNWut/lib
    rm /usr/lib/xorg/modules/extensions/GL
    ln -s ../../../../../var/run/opengl/server \
    mkdir /etc/opt/SUNWut/X11
    echo "catalogue:/etc/X11/fontpath.d" > /etc/opt/SUNWut/X11/fontpath
    usermod -d /var/lib/gdm gdm
    Which got me a functioning Sun Ray but utwho does not work and nor did my utaction scripts. I think I have utwho now working (well I do have it working but before I post how I’ve sent it to the Sun ray team to be sure I’m not going anything obviously bad).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: