Bug 177534 - pam_console_apply ignores xconsole entries
pam_console_apply ignores xconsole entries
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Jay Turner
Depends On:
  Show dependency treegraph
Reported: 2006-01-11 12:12 EST by Paul Raines
Modified: 2015-01-07 19:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-11 13:49:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Paul Raines 2006-01-11 12:12:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)

Description of problem:
pam_console_apply ignores xconsole entries in /etc/security/console.perms

For reasons I don't understand, sometimes a user who logins does not get ownership of any of the devices listed in /etc/security/console.perms.  Running pam_console_apply fixes this for all devices listed with <console> but not with <xconsole>

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Have a non-root user login to gdm X session
2.Run 'chown root /dev/console /dev/audio' 
3.Run 'pam_console_apply' 

Actual Results:  /dev/audio is back to the user owning it but /dev/console is not

Expected Results:  /dev/console should be back to owned by the logged in user

Additional info:
Comment 1 Tomas Mraz 2006-01-11 13:49:52 EST
This is a feature of pam_console_apply - it uses tty0 as hardwired default for
matching console class. This deficiency will be fixed in next release of Red Hat
Enterprise Linux - a new parameter to pam_console_apply is added to support tty
selection in runtime.

However what bothers me more is the "sometimes a user who logins does not get
ownership of any of the devices listed in /etc/security/console.perms". Could
you please find out the exact circumstances when this happens and report it as a
new bug report? This should be fixed if it is a real bug.
Comment 2 Paul Raines 2006-01-11 14:03:11 EST
I cannot reliably reproduce it.  But in this case I am sure the following 
somehow led to it.  The user hooked up a 2nd monitor to his video card.  I 
sshed to the box as root and did 'init 3', modified xorg.conf as needed, did a 
test using 'X -probeonly' and then did 'init 5' and he logged back in.

I have also seen it happen after someone crashes the X server somehow.  Back 
in the RH7 days, it could reliably be done if someone did Ctrl-Alt-Bksp. The 
device files would stay owned by that user even after someone else logged in.
Comment 3 Tomas Mraz 2006-01-11 14:16:56 EST
The first case seems too vague to me - I've tried to reproduce it but
pam_console worked fine.

The second problem should be fixed in current pam package in RHEL4 (pam-0.77-66.11).
Comment 4 Paul Raines 2006-01-11 15:37:38 EST
Sorry, I don't remember all the exact steps I went through in the first case.
The user has some problems with the dual screen config as he had used the 
Preferences -> Screen Resolution utility in the past and every time he logged 
in it would give him that old resolution he set even though he kept changing 
it.  We ending up wiping his whole GNome config (rm -rf .gnome .gconf* ....)
to fix it, something I end up having one of users do almost every day for some 
reason or another.  GNOME has just been getting worse release after release 
from my perspective.  When they removed the text field to type in a file path 
in the File Chooser Dialog I could have shot them.  Seems from recent 
comments, even Linus agrees.

Note You need to log in before you can comment on or make changes to this bug.