Systemd-sysusers fails to create groups

Hi everyone,

I have several problems running programs, cause of missing groups (e.g. virtualbox). I have checked /etc/group and there are several groups missing (e.g. vboxsf or cups). I can add this groups manually with groupadd, but they should added with systemd-sysusers. The service is running and show the errors:

sudo systemctl status systemd-sysusers
[sudo] Passwort für carsten: 
● systemd-sysusers.service - Create System Users
     Loaded: loaded (/usr/lib/systemd/system/systemd-sysusers.service; static)
     Active: active (exited) since Thu 2023-08-03 12:20:50 CEST; 50min ago
       Docs: man:sysusers.d(5)
             man:systemd-sysusers.service(8)
    Process: 430 ExecStart=systemd-sysusers (code=exited, status=0/SUCCESS)
   Main PID: 430 (code=exited, status=0/SUCCESS)
        CPU: 20ms

Aug 03 12:20:50 medma0198 systemd[1]: Starting Create System Users...
Aug 03 12:20:50 medma0198 systemd-sysusers[430]: Failed to check if group kvm already exists: Connection refused
Aug 03 12:20:50 medma0198 systemd-sysusers[430]: Failed to check if group vboxsf already exists: Connection refused
Aug 03 12:20:50 medma0198 systemd[1]: Finished Create System Users.

When I run it manually systemd-sysusers:

sudo systemd-sysusers
Failed to check if group kvm already exists: Unknown error 358416419
Failed to check if group vboxsf already exists: Unknown error 358416419

with debug information SYSTEMD_LOG_LEVEL=debug systemd-sysusers /usr/lib/sysusers.d/virtualbox-guest-utils.conf:

varlink: Setting state idle-client
/run/systemd/userdb/io.systemd.DynamicUser: Sending message: {"method":"io.systemd.UserDatabase.GetGroupRecord","parameters":{"groupName":"vboxsf","service":"io.systemd.DynamicUser"}}
/run/systemd/userdb/io.systemd.DynamicUser: Changing state idle-client → awaiting-reply
/run/systemd/userdb/io.systemd.DynamicUser: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound","parameters":{}}
/run/systemd/userdb/io.systemd.DynamicUser: Changing state awaiting-reply → processing-reply
Got lookup error: io.systemd.UserDatabase.NoRecordFound
/run/systemd/userdb/io.systemd.DynamicUser: Changing state processing-reply → idle-client
varlink: Setting state idle-client
/run/systemd/userdb/io.systemd.DynamicUser: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"vboxsf","service":"io.systemd.DynamicUser"},"more":true}
/run/systemd/userdb/io.systemd.DynamicUser: Changing state idle-client → awaiting-reply-more
/run/systemd/userdb/io.systemd.DynamicUser: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound","parameters":{}}
/run/systemd/userdb/io.systemd.DynamicUser: Changing state awaiting-reply-more → processing-reply
Got lookup error: io.systemd.UserDatabase.NoRecordFound
/run/systemd/userdb/io.systemd.DynamicUser: Changing state processing-reply → idle-client
Failed to check if group vboxsf already exists: Unbekannter Fehler 358416419

I have checked the pacman.log and I have seen that it starts some month ago after upgrading the system. I can’t say exactly which package causes this problem, because the systemd-sysusers.hook is not invoked every upgrade. Between working sysusers and first time error was only one big system upgrade. And there was an upgrade of systemd-libs.

For me it looks like a permission error, so I have checked passwd gpasswd shadow and group under /etc but everything looks fine. Now I get stucked and I have no ideas where to look. There is a problem to check if a group already exists. But it shows only an unknown error. I have searched for this topic, but I have not found any clue.

Has someone an idea? Thanks in advance

Some Info:

System: Manjaro Budgie
CPU: 16-core (8-mt/8-st) 12th Gen Intel Core i9-12900 (-MST AMCP-)
speed/min/max: 2397/800/5000:5100:3800 MHz Kernel: 6.4.6-1-MANJARO x86_64
Up: 1h 8m Mem: 4.74/125.48 GiB (3.8%) Storage: 5.48 TiB (19.6% used)
Procs: 441 Shell: Bash inxi: 3.3.28

So you cannot start virtualbox? Why are you installing the guest tools on the host? Makes no sense.

Looks to me like a xy problem. Please precise what your problem is and not the sympton, which might be the problem in your view.

Sorry, I try it more precise. The guest iso with the group vboxsf was a bad example. The last package I run in troubles was cups. I have installed it and I don’t get it to work. Then I have recognized that there was an error seen in pacman.log. Checking group shows no cups entry. I have see that other programs also shows this error at 20-systemd-sysuser.hook while installing or upgrading. So I checked the sysuser.hook. The files are saved under /usr/lib/sysusers.d but the sysusers can’t change it anymore.

More precise, the problem is, that no user and group automatically created with sysusers when installing or upgrading packages. Without, the software (for example cups) are not working properly.

My question is, why could it be, that systemd-sysusers can’t create new entries. I can do it manually with groupadd and useradd. Then it works.

Thanks

Do i understand correctly that you use software in a VM that interacts with the host in such a way that it can not add groups on the host?
If that is the case im very happy it can not

On the otherhand if the VM software you use, Virtualbox, is unable to do so while starting up, then you should contact the Virtualbox makers…

PS:
Because you mention a problem with a piece of systemd, it might help to also mention the version you use because the developers of that might have issues already filed related to that or even fixed it in a version later as what you use

No, sorry. Forget virtualbox. I wrote it was a bad example. The problem exists on my manjaro system. No VM. Virtualbox is only another package what create a group and user with systemd-sysusers. The main problem is systemd-sysusers.

it started some month (march) ago. In meantime there were several updates for systemd. Now it is the last update for manjaro. I think the problem lies in comunication between sysusers and system user database. But I have no clue…

anyway, thanks for your help.

Then please provide:

systemd-sysusers --cat-config

If such a thing happens, then most likely the group or user is represented twice in the config.

I have checked it, but no double entries.

Here the output:

# /usr/lib/sysusers.d/avahi.conf
u avahi - "Avahi mDNS/DNS-SD daemon"

# /usr/lib/sysusers.d/basic.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# The superuser
g root    0       -            -
u root    0:0     "Super User" /root

# The nobody user/group for NFS file systems
g nobody 65534       -            -
u nobody 65534:65534 "Kernel Overflow User"     -

# Administrator group: can *see* more than normal users
g adm     -     -            -

# Administrator group: can *do* more than normal users
g wheel   -     -            -

# Access to shared database of users on the system
g utmp    -     -            -

# Physical and virtual hardware access groups
g audio   -     -            -
g disk    -     -            -
g input   -     -            -
g kmem    -     -            -
g kvm     -     -            -
g lp      -     -            -
g optical -     -            -
g render  -     -            -
g sgx     -     -            -
g storage -     -            -
g tty     5     -            -
g uucp    -     -            -
g video   -     -            -

# Default group for normal users
g users   -     -            

# /usr/lib/sysusers.d/bind.conf
u named 40 "BIND DNS Server" -

# /usr/lib/sysusers.d/colord.conf
u colord - "Color management daemon" /var/lib/colord

# /usr/lib/sysusers.d/cups.conf
u cups 209 "cups helper user"
m cups lp

# /usr/lib/sysusers.d/dbus.conf
u dbus 81 "System Message Bus"

# /usr/lib/sysusers.d/dhcpcd.conf
u dhcpcd - "dhcpcd privilege separation" -

# /usr/lib/sysusers.d/dnsmasq.conf
u dnsmasq - "dnsmasq daemon" /

# /usr/lib/sysusers.d/geoclue.conf
u geoclue - "Geoinformation service" /var/lib/geoclue

# /usr/lib/sysusers.d/git.conf
u git - "git daemon user" / /usr/bin/git-shell

# /usr/lib/sysusers.d/lightdm.conf
u lightdm - "Light Display Manager" /var/lib/lightdm

# /usr/lib/sysusers.d/lxdm.conf
u lxdm - "Lightweight X11 Display Manager" /var/lib/lxdm

# /usr/lib/sysusers.d/manjaro.conf
# default arch groups
# groups first, because we have user/group id mismatch on ftp and mail
g root 0 - -
g sys 3 - -
g mem 8 - -
g ftp 11 - -
g mail 12 - -
g log 19 - -
g smmsp 25 - -
g proc 26 - -
g games 50 - -
g lock 54 - -
g network 90 - -
g floppy 94 - -
g scanner 96 - -
g power 98 - -

# default arch users
u bin 1 - -
u daemon 2 - -
u mail 8 - /var/spool/mail
u ftp 14 - /srv/ftp
u http 33 - /srv/http

# default membership
m root root
m bin daemon
m bin sys
m daemon adm
m daemon bin

# /usr/lib/sysusers.d/networkmanager-openconnect.conf
u nm-openconnect - "NetworkManager OpenConnect"

# /usr/lib/sysusers.d/networkmanager-openvpn.conf
u nm-openvpn - "NetworkManager OpenVPN"

# /usr/lib/sysusers.d/ntp.conf
g ntp 87 -
u ntp 87 "Network Time Protocol" /var/lib/ntp /bin/false

# /usr/lib/sysusers.d/openldap.conf
u ldap 439 "LDAP Server" /var/lib/openldap

# /usr/lib/sysusers.d/openvpn.conf
u openvpn - "OpenVPN"

# /usr/lib/sysusers.d/polkit.conf
u polkitd 102 "PolicyKit daemon"
m polkitd proc

# /usr/lib/sysusers.d/rpcbind.conf
u rpc 32 "Rpcbind Daemon" /var/lib/rpcbind

# /usr/lib/sysusers.d/rpcuser.conf
u rpcuser 34 "RPC Service User" /var/lib/nfs

# /usr/lib/sysusers.d/rtkit.conf
u rtkit 133 "RealtimeKit" /proc

# /usr/lib/sysusers.d/systemd-coredump.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.


u systemd-coredump - "systemd Core Dumper"

# /usr/lib/sysusers.d/systemd-journal.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

g systemd-journal - -

# /usr/lib/sysusers.d/systemd-network.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

u systemd-network - "systemd Network Management"

# /usr/lib/sysusers.d/systemd-oom.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

u systemd-oom - "systemd Userspace OOM Killer"

# /usr/lib/sysusers.d/systemd-remote.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

u systemd-journal-remote  - "systemd Journal Remote"

# /usr/lib/sysusers.d/systemd-resolve.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.


u systemd-resolve - "systemd Resolver"

# /usr/lib/sysusers.d/systemd-timesync.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

u systemd-timesync - "systemd Time Synchronization"

# /usr/lib/sysusers.d/tpm2-tss.conf
#Type Name ID GECOS               Home directory Shell
u     tss  -  "tss user for tpm2"

# /usr/lib/sysusers.d/usbmuxd.conf
u usbmux 140 "usbmux user"

# /usr/lib/sysusers.d/util-linux.conf
u uuidd 68
g rfkill - - -

# /usr/lib/sysusers.d/virtualbox-guest-utils.conf
g vboxsf 109 -

# /usr/lib/sysusers.d/virtualbox.conf
g vboxusers 108 -

# /usr/lib/sysusers.d/x2goserver.conf
u x2gouser  111 "x2gouser"  /var/lib/x2go
u x2goprint 112 "x2goprint" /var/spool/x2go

# /usr/lib/sysusers.d/xmms2.conf
u xmms2  -      -  /var/lib/xmms2
m xmms2  audio

Ok, I don’t want to give up, yet. I dig deeper and found something.

it looks like that the error message “Failed to check if group … already exists” is coming up after checking NSS (see code on github: https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c.

So it could be that systemd-sysusers fail because the nss database was not accessible? I have to read more…

When you find the cause, make sure to create a bug report on the repo i gave a link to, because that is where the development of systemd happens

I have found the reason. It takes me a lot of time from not working cups over systemd-sysusers “Unknown error” to sssd.

I have got the information about the sssd.conf from our institute IT, but there was something missing. I have seen that there were several incorrect user information in the sssd.log.

Now changing the line:

re_expression = (((?P[^\]+)\(?P.+$))|((?P[^@]+)@(?P.+$)))

to

re_expression = (((?P[^\]+)\(?P.+$))|((?P[^@]+)@(?P.+$))|(?P.+$))

everything works now. It would be save a lot of time instead of getting an unknown error if I would get incorrect user information from nss. Anyway, thanks to all here for support. It’s solved now.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.