From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322) Description of problem: pam_console_apply ignores xconsole entries in /etc/security/console.perms For reasons I don't understand, sometimes a user who logins does not get ownership of any of the devices listed in /etc/security/console.perms. Running pam_console_apply fixes this for all devices listed with <console> but not with <xconsole> Version-Release number of selected component (if applicable): pam-0.77-40 How reproducible: Always Steps to Reproduce: 1.Have a non-root user login to gdm X session 2.Run 'chown root /dev/console /dev/audio' 3.Run 'pam_console_apply' Actual Results: /dev/audio is back to the user owning it but /dev/console is not Expected Results: /dev/console should be back to owned by the logged in user Additional info:
This is a feature of pam_console_apply - it uses tty0 as hardwired default for matching console class. This deficiency will be fixed in next release of Red Hat Enterprise Linux - a new parameter to pam_console_apply is added to support tty selection in runtime. However what bothers me more is the "sometimes a user who logins does not get ownership of any of the devices listed in /etc/security/console.perms". Could you please find out the exact circumstances when this happens and report it as a new bug report? This should be fixed if it is a real bug.
I cannot reliably reproduce it. But in this case I am sure the following somehow led to it. The user hooked up a 2nd monitor to his video card. I sshed to the box as root and did 'init 3', modified xorg.conf as needed, did a test using 'X -probeonly' and then did 'init 5' and he logged back in. I have also seen it happen after someone crashes the X server somehow. Back in the RH7 days, it could reliably be done if someone did Ctrl-Alt-Bksp. The device files would stay owned by that user even after someone else logged in.
The first case seems too vague to me - I've tried to reproduce it but pam_console worked fine. The second problem should be fixed in current pam package in RHEL4 (pam-0.77-66.11).
Sorry, I don't remember all the exact steps I went through in the first case. The user has some problems with the dual screen config as he had used the Preferences -> Screen Resolution utility in the past and every time he logged in it would give him that old resolution he set even though he kept changing it. We ending up wiping his whole GNome config (rm -rf .gnome .gconf* ....) to fix it, something I end up having one of users do almost every day for some reason or another. GNOME has just been getting worse release after release from my perspective. When they removed the text field to type in a file path in the File Chooser Dialog I could have shot them. Seems from recent comments, even Linus agrees.