/run/user/uid missing when using `incus exec container -- sudo --user uname --login`

Baba_Open · June 30, 2025, 6:40pm

Hello,

If I use incus console container then login the folder is there…

But if I use incus exec container -- sudo --user uname --login the folder /run/user/1000doesn’t exist.

I tried to see if any of the --user services are running using:
systemctl --user list-units state=active
but it produced an error
Failed to connect to user scope bus via local transport: $DBUS_SESSION_BUS_ADDRESS and $XDG_RUNTIME_DIR not defined (consider using --machine=<user>@.host --user to connect to bus of other user)
And indeed both environment variables are empty.
If I manually export the dbus session using
export $(dbus-launch)
And run the list-unit command again, then systemd exists with error code 1. Below is the related journalctl log

Jun 30 18:31:46 test-x-container dbus-daemon[1533]: [session uid=1000 pid=1531 pidfd=5] Activating service name='org.freedesktop.systemd1' requested by ':1.0' (uid=1000 pid=1536 comm="systemctl --user list-units state=active")
Jun 30 18:31:46 test-x-container dbus-daemon[1533]: [session uid=1000 pid=1531 pidfd=5] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1

For now I just use the console mode but I’d like to hear how to troubleshoot this issue…I’ve probably done something wrong…

Thanks in advance!

stgraber · June 30, 2025, 7:01pm

It’s basically a matter of whether the full stack including integration with logind kicks in or not.

You could probably do incus exec container -- login and go through that login sequence which would then work the same as with incus console.

May be worth also trying su -l NAME to see if that kicks the right part of PAM.

Baba_Open · June 30, 2025, 7:13pm

Thank you for the quick response.

As you had suspected incus exec container -- login works

But if I enter with exec then try su -l UNAME the folder are still missing…

I don’t know anything about PAM, I’ve put it on my to-do list

But I was wondering, is this expected behavior or maybe something about my container. I used incus launch images:archlinux/current/amd64 test-x-container to build the container.

I can also try with another linux-distro to test…

Stephane thanks for all the hard-work…your youtube tutorials have saved me on several occations!

stgraber · July 16, 2025, 8:46pm

It’s generally expected that incus exec BLAH bash will not hit the PAM stack. incus shell BLAH may hit the PAM stack though that may depend between distros.

Look in /etc/pam.d, there typically are su and su-l specific profiles for those commands. Though I’m mostly familiar with the Debian/Ubuntu behavior, different distros may have different configs there.