Red Hat Bugzilla – Bug 13136
PAM: console device grants not revoked on logout
Last modified: 2008-05-01 11:37:56 EDT
I log in as "chris" on tty1 User "chris" gets ownership of /dev/fd0, /dev/gpmctl, etc. etc. I log out Ownership of all the devices has _NOT_ reverted back to root. I have verified that RH6.1 behaves correctly and does the reversions
I can't reproduce this. Which service are you logging into? Console login? GDM? KDM? XDM? What are the contents of the relevant /etc/pam.d configuration file and /etc/pam.d/system-auth?
Was definitely non-graphical console login. I run at runlevel 3. Default, full BETA-2 install from scratch. Will reboot into BETA-2 and get a test-case..
Here is system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth sufficient /lib/security/pam_unix.so likeauth nullok md5 shadow auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_unix.so account required /lib/security/pam_deny.so password required /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so And here is login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so Let me know if you want console.perms, but it is unchanged from the install. I haven't changed ANY config files since the default install in fact.
OK... I see this problem if I 1) Log in on text console tty1 as "chris" 2) Log out 3) Log in on tty1 as "root" 4) "ls -l /dev/fd0" (or any other console device). 5) .. and it's still owned by "chris" Let me know if you still can't reproduce
Are you using NIS?
According to "authconfig": no. I'm blowing away my BETA2 for a BETA3 tonight. Will see if it persists.
I was able to (briefly) reproduce this on Beta 2, but not under Beta 3. I'm tempted to chalk it up to compiler wackiness, as the pam_console module didn't change between 6.2 and beta 2.
Nalin - when my BETA5 CD's arrive I will re-test and close if it does not reproduce. Note however a bugzilla deficiency: there is no resolution status "COMPILER WACKINESS" :-)
BETA5 seems to be behaving fine. Perhaps whilst text console testing, I was logged in on X in the background. Or perhaps it was compiler wackiness. I suspect an X login hanging around in the background, though. Anyway.. closed.