Bug 1600079

Summary: Wrong entry in secure log when user login Description
Product: Red Hat Enterprise Linux 7 Reporter: Thibault <tr>
Component: gdmAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: low Docs Contact:
Priority: unspecified    
Version: 7.5CC: jkoten, lmiksik, tpelka, tr
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: gdm-3.28.2-8.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 10:27:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Thibault 2018-07-11 11:33:12 UTC 
Description of problem:

On ldap connected machines (did not check that with local account)

The secure log is displaying the last logged user for each connections.

To make it clear, here is the log:

**machine booted**
Nov 27 09:51:37 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user fred by (uid=0)
Nov 27 15:57:05 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user srehtark by fred(uid=0)
Nov 27 17:12:02 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user hauallga by fred(uid=0)
Nov 28 09:14:16 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user hauallga by fred(uid=0)
Nov 28 14:09:02 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user srehtark by fred(uid=0)
Nov 29 15:08:54 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user granes by fred(uid=0)

**reboot**
Nov 30 06:09:23 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user bantze by (uid=0)
Nov 30 10:38:04 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user frank by bantze(uid=0)

we can see "by fred(uid=0)" on each line except on the first one when the machine just booted, even if the user logged off.
after reboot, the first logged user was bantze then his name appears on the next lines until next reboot.

How reproducible: every time

Steps to Reproduce:
1. Logon/logout with multiples accounts and check /var/log/secure


Expected results:
not see the first username of the day in every logon log lines
Comment 2 Tomas Mraz 2018-07-11 12:17:08 UTC 
That's probably because gdm either reuses the pam handle for the subsequent logins or it does not clear the utmp entry for the controlling terminal after the logout.

login uses LOGIN when it clears the utmp entry.
Comment 3 Ray Strode [halfline] 2018-07-11 13:19:53 UTC 
probably fixed by this commit upstream:

https://gitlab.gnome.org/GNOME/gdm/commit/086d68f24d984fb48e44aa16aa815825cd5ed0bc
Comment 5 Tomas Pelka 2018-09-13 12:33:44 UTC 
Hello Thibault,

assuming you have access to RHEL7.6 Beta, can you check whether this issue is still occurring on Beta and above? I can't reproduce locally on 7.6 so guessing it is resolved.

Let me know if don't have access to Beta I will verify sanityonly.

Thanks
-Tom
Comment 7 errata-xmlrpc 2018-10-30 10:27:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3140