Red Hat Bugzilla – Bug 13136
PAM: console device grants not revoked on logout
Last modified: 2008-05-01 11:37:56 EDT
I log in as "chris" on tty1
User "chris" gets ownership of /dev/fd0, /dev/gpmctl, etc. etc.
I log out
Ownership of all the devices has _NOT_ reverted back to root.
I have verified that RH6.1 behaves correctly and does the reversions
I can't reproduce this. Which service are you logging into? Console login?
GDM? KDM? XDM? What are the contents of the relevant /etc/pam.d configuration
file and /etc/pam.d/system-auth?
Was definitely non-graphical console login. I run at runlevel 3. Default, full
BETA-2 install from scratch. Will reboot into BETA-2 and get a test-case..
Here is system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth sufficient /lib/security/pam_unix.so likeauth nullok md5 shadow
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
And here is login
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
Let me know if you want console.perms, but it is unchanged from the install. I
haven't changed ANY config files since the default install in fact.
OK... I see this problem if I
1) Log in on text console tty1 as "chris"
2) Log out
3) Log in on tty1 as "root"
4) "ls -l /dev/fd0" (or any other console device).
5) .. and it's still owned by "chris"
Let me know if you still can't reproduce
Are you using NIS?
According to "authconfig": no.
I'm blowing away my BETA2 for a BETA3 tonight. Will see if it persists.
I was able to (briefly) reproduce this on Beta 2, but not under Beta 3. I'm
tempted to chalk it up to compiler wackiness, as the pam_console module
didn't change between 6.2 and beta 2.
Nalin - when my BETA5 CD's arrive I will re-test and close if it does not
Note however a bugzilla deficiency: there is no resolution status "COMPILER
BETA5 seems to be behaving fine.
Perhaps whilst text console testing, I was logged in on X in the background.
Or perhaps it was compiler wackiness. I suspect an X login hanging around in the