From ad909e9c933a7e2ca01d94e4e2a32f5239fffd54 Mon Sep 17 00:00:00 2001 From: Mitchell R Date: Wed, 13 May 2026 03:23:49 +0200 Subject: [PATCH] fix(deploy): drop nonexistent 'seat' supplementary group MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit systemd refuses to spawn the unit with code=216/GROUP when any group in SupplementaryGroups= doesn't exist. Debian's seatd uses -g video — there is no 'seat' group on the system. Removing it lets cage start; the video group already covers seatd access. --- deploy/scripts/setup-pi-kiosk.sh | 4 +++- deploy/systemd/betterframe-kiosk.service | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/setup-pi-kiosk.sh b/deploy/scripts/setup-pi-kiosk.sh index 9bbae80..4df3a1b 100644 --- a/deploy/scripts/setup-pi-kiosk.sh +++ b/deploy/scripts/setup-pi-kiosk.sh @@ -164,7 +164,9 @@ if [ "${INSTALL_KIOSK}" = "1" ]; then if ! id -u bfkiosk >/dev/null 2>&1; then useradd -m -s /usr/sbin/nologin bfkiosk fi - for grp in video render input audio seat; do + # Debian's seatd uses -g video (no separate 'seat' group) — only join groups + # that actually exist on this system. + for grp in video render input audio; do if getent group "$grp" >/dev/null; then usermod -a -G "$grp" bfkiosk fi diff --git a/deploy/systemd/betterframe-kiosk.service b/deploy/systemd/betterframe-kiosk.service index 62813ec..65e9d3e 100644 --- a/deploy/systemd/betterframe-kiosk.service +++ b/deploy/systemd/betterframe-kiosk.service @@ -10,7 +10,7 @@ After=getty@tty1.service Type=simple User=bfkiosk Group=bfkiosk -SupplementaryGroups=video render input audio seat +SupplementaryGroups=video render input audio PAMName=cage TTYPath=/dev/tty1 TTYReset=yes