Since Plasma 6.4.0 the powerdevil systemd unit sets 'AmbientCapabilities=CAP_WAKE_ALARM'. powerdevil is spawned as a user service and can only gain capabilities which the 'systemd --user' service for the session has: % ps auxww | grep "systemd --user" yamagi 1180 0.0 0.0 21804 11744 ? Ss 07:26 0:01 /usr/lib/systemd/systemd --user % cat /proc/1180/status | grep CapAmb CapAmb: 0000000000000000 -> The 'systemd --user' has no ambient capabilities, therefor it cannot set 'CAP_WAKE_ALARM' and starting powerdevil fails: % journalctl --user -xu plasma-powerdevil.service Jun 23 08:52:04 blubb (werdevil)[17116]: plasma-powerdevil.service: Failed to apply ambient capabilities (before UID change): Operation not permitted Jun 23 08:52:04 blubb (werdevil)[17116]: plasma-powerdevil.service: Failed at step CAPABILITIES spawning /usr/lib/org_kde_powerdevil: Operation not permitted This can be worked around by commenting the 'AmbientCapabilities=CAP_WAKE_ALARM'. Functionality requiring the CAP_WAKE_ALARM won't work, though. Linux/KDE Plasma: Arch Linux as of 23.06.2025 ca. 05:00 UTC with Linux 6.15.3-arch1-1 and systemd 257.6-1 KDE Plasma Version: 6.4.0 KDE Frameworks Version: 6.15.0 Qt Version: 6.9.1
*** Bug 506062 has been marked as a duplicate of this bug. ***
For what it's worth, I can't reproduce this issue on my Fedora KDE 42 device with Plasma built from git master, so it does include that AmbientCapabilities line, and systemd 257.6. For others' reference, the relevant code change was made here: https://invent.kde.org/plasma/powerdevil/-/merge_requests/537
I also can't reproduce it, either with Fedora packages, or built-from-source powerdevil.
I can't really reproduce this in Arch Linux setup with same version of systemd and plasma. Are you using by chance systemd-homed or anything special in your setup wrt PAM or systemd?
For reference CapAmb is wrong for some reason but this is correctly shown, ➜ pscap -p 1739 ppid pid uid command capabilities 1315 1739 bshah org_kde_powerde wake_alarm @ + ~ … ➜ pscap -p 1315 ppid pid uid command capabilities 1 1315 bshah systemd wake_alarm +
Bhushans hints helped a lot. I figured it out. As already suspected this isn't a KDE problem but a configuration problem at my side: Since version 254 systemd adds CAP_WAKE_ALARM via pam_systemd to the user session - https://github.com/systemd/systemd/blob/0e2f18eedd6b9be32b1c1122dcd2c30319074c7f/NEWS#L703 when compiled with defaults systemd treats UIDs >= 1000 as user accounts and UIDs >= 500 && < 1000 as system accounts. This cannot be overridden in /etc/login.defs unless systemd is compiled with -Dcompat-mutable-uid-boundaries=true which Arch doesn't set. Sometimes I'm forced to work on AFS filesystems (yes, these things still exists) and out of convenience I set my local UID to my AFS UID 691. Since UID 691 is treated as a system user systemd doesn't set CAP_WAKE_ALARM on the session and powerdevil cannot start. Changing the UID to 1001 helps. With this the problem is solved for me. I'm not closing here because there were other reports marked as duplicate of this bug, they might be caused by different configuration errors or something else. Nevertheless sorry for the noise. :/
Changing my uid from 501 to 1000 solved this issue for me. It also fixed kcm_users not working correctly.
Hi - Bhushan's already checked in with the original reporter for that issue that was merged in with this one, so I think it's safe to mark this one resolved (and then reopen the other one if needed). Thanks!
I ran into this bug as well, but on the other side of UID range. This is not a Plasma bug per se, but it may be practically necessary to handle these situations better than by failing to start powerdevil. My environment is all Red Hat IdM joined and the UID base is 82800000. FreeIPA, AD joined sssd, and other AD auth tools will also result in high UID numbers that pam_systemd will consider to be of "container" disposition, and thus will not have any ambient capabilities. So, this is an issue that is likely to affect many larger environments with centralized user management.
I am also using FreeIPA with SSSD (uid=1000003) and I am running into the same issue.
I have sssd uid 694702680 and powerdevil fails
hello, same issue with freeipa account (uid=1678900673).
A possibly relevant merge request was started @ https://invent.kde.org/plasma/powerdevil/-/merge_requests/568
FYI: The workaround posted here https://bugzilla.opensuse.org/show_bug.cgi?id=1245256 is working for me with FreeIPA. Adding a file in "/etc/userdb" that changes the disposition back(?) to regular allowed powerdevil to start again.
Fixed by Bhushan Shah with https://invent.kde.org/plasma/powerdevil/-/commit/6b9fc3d4688219029b94739d348491d433445dd3 for Plasma 6.4.2!