Bug 13136 - PAM: console device grants not revoked on logout
Summary: PAM: console device grants not revoked on logout
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-06-27 22:44 UTC by Chris Evans
Modified: 2008-05-01 15:37 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2000-07-21 22:12:26 UTC
Embargoed:


Attachments (Terms of Use)

Description Chris Evans 2000-06-27 22:44:46 UTC
I log in as "chris" on tty1
User "chris" gets ownership of /dev/fd0, /dev/gpmctl, etc. etc.
I log out
Ownership of all the devices has _NOT_ reverted back to root.
I have verified that RH6.1 behaves correctly and does the reversions

Comment 1 Nalin Dahyabhai 2000-07-03 07:24:39 UTC
I can't reproduce this.  Which service are you logging into?  Console login?
GDM?  KDM?  XDM?  What are the contents of the relevant /etc/pam.d configuration
file and /etc/pam.d/system-auth?

Comment 2 Chris Evans 2000-07-08 22:34:04 UTC
Was definitely non-graphical console login. I run at runlevel 3. Default, full
BETA-2 install from scratch. Will reboot into BETA-2 and get a test-case..

Comment 3 Chris Evans 2000-07-08 22:41:42 UTC
Here is system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        sufficient    /lib/security/pam_unix.so likeauth nullok md5 shadow
auth        required      /lib/security/pam_deny.so
account     sufficient    /lib/security/pam_unix.so
account     required      /lib/security/pam_deny.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

And here is login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

Let me know if you want console.perms, but it is unchanged from the install. I
haven't changed ANY config files since the default install in fact.


Comment 4 Chris Evans 2000-07-08 22:50:11 UTC
OK... I see this problem if I
1) Log in on text console tty1 as "chris"
2) Log out
3) Log in on tty1 as "root"
4) "ls -l /dev/fd0" (or any other console device).
5) .. and it's still owned by "chris"

Let me know if you still can't reproduce

Comment 5 Nalin Dahyabhai 2000-07-10 15:23:29 UTC
Are you using NIS?

Comment 6 Chris Evans 2000-07-10 20:10:03 UTC
According to "authconfig": no.
I'm blowing away my BETA2 for a BETA3 tonight. Will see if it persists.

Comment 7 Nalin Dahyabhai 2000-07-10 20:41:53 UTC
I was able to (briefly) reproduce this on Beta 2, but not under Beta 3.  I'm
tempted to chalk it up to compiler wackiness, as the pam_console module
didn't change between 6.2 and beta 2.

Comment 8 Chris Evans 2000-07-21 22:12:20 UTC
Nalin - when my BETA5 CD's arrive I will re-test and close if it does not
reproduce.
Note however a bugzilla deficiency: there is no resolution status "COMPILER
WACKINESS" :-)

Comment 9 Chris Evans 2000-07-31 22:04:13 UTC
BETA5 seems to be behaving fine.
Perhaps whilst text console testing, I was logged in on X in the background.
Or perhaps it was compiler wackiness. I suspect an X login hanging around in the
background, though.
Anyway.. closed.


Note You need to log in before you can comment on or make changes to this bug.