Troubleshooting and Removal of the openclaw User Service
Summary
This process documents the resolution of a persistent dbus error occurring during nixos-rebuild switch operations on Sokrates appliances. The issue was caused by orphaned systemd user units and lingering state for the deprecated openclaw service account, which remained active in the system state after being removed from the NixOS configuration.
Details
During development and deployment cycles, specifically during nixos-rebuild switch, the system consistently reported dbus errors. These errors were triggered by NixOS attempting to reload systemd user units for a user named openclaw. Because openclaw was a service account without an active dbus session, the reload command failed.
Root Cause Analysis
Investigation revealed that while the openclaw user had been removed from the NixOS flake configuration and the /etc/passwd file, several artifacts remained in the system state:
- Systemd Lingering: A linger file existed at
/var/lib/systemd/linger/openclaw. Systemd uses this directory to determine which users should have a user manager started at boot and kept running after logout. Because this file persisted, systemd continued to attempt management of a non-existent user. - Stuck Sessions: A systemd session (Session 3, PID 13186) for UID 997 (the former ID for
openclaw) was found in aclosingstate. This session was identified as amanager-earlysession. - Configuration Residue: The error persisted across rebuilds because the system state (lingering) and the active session prevented a clean transition, even though the user was no longer defined in the Nix configuration.
Resolution Steps
The cleanup process involved the following technical interventions:
- Linger Removal: The file
/var/lib/systemd/linger/openclawwas identified as the primary trigger for the reload attempts. - Session Termination: Attempts were made to kill the stuck process (PID 13186) associated with UID 997. However, because the user had been removed from
/etc/passwdwhile the session was active, systemd was unable to fully tear down the session, leaving it in a permanentclosingstate. - Final Cleanup: It was determined that while the error was cosmetic and did not impact the functionality of the Hermes Agent or other system services, a reboot was required to fully clear the kernel and systemd tables of the orphaned UID 997.
- Verification: After ensuring the
openclawmodule was entirely removed from the Nix flake and the linger file was gone, subsequent rebuilds were confirmed to be “clean,” with only the primary user (hakon) and standard service accounts appearing in the user list.