Red Hat Bugzilla – Bug 177534
pam_console_apply ignores xconsole entries
Last modified: 2015-01-07 19:11:23 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Description of problem:
pam_console_apply ignores xconsole entries in /etc/security/console.perms
For reasons I don't understand, sometimes a user who logins does not get ownership of any of the devices listed in /etc/security/console.perms. Running pam_console_apply fixes this for all devices listed with <console> but not with <xconsole>
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Have a non-root user login to gdm X session
2.Run 'chown root /dev/console /dev/audio'
Actual Results: /dev/audio is back to the user owning it but /dev/console is not
Expected Results: /dev/console should be back to owned by the logged in user
This is a feature of pam_console_apply - it uses tty0 as hardwired default for
matching console class. This deficiency will be fixed in next release of Red Hat
Enterprise Linux - a new parameter to pam_console_apply is added to support tty
selection in runtime.
However what bothers me more is the "sometimes a user who logins does not get
ownership of any of the devices listed in /etc/security/console.perms". Could
you please find out the exact circumstances when this happens and report it as a
new bug report? This should be fixed if it is a real bug.
I cannot reliably reproduce it. But in this case I am sure the following
somehow led to it. The user hooked up a 2nd monitor to his video card. I
sshed to the box as root and did 'init 3', modified xorg.conf as needed, did a
test using 'X -probeonly' and then did 'init 5' and he logged back in.
I have also seen it happen after someone crashes the X server somehow. Back
in the RH7 days, it could reliably be done if someone did Ctrl-Alt-Bksp. The
device files would stay owned by that user even after someone else logged in.
The first case seems too vague to me - I've tried to reproduce it but
pam_console worked fine.
The second problem should be fixed in current pam package in RHEL4 (pam-0.77-66.11).
Sorry, I don't remember all the exact steps I went through in the first case.
The user has some problems with the dual screen config as he had used the
Preferences -> Screen Resolution utility in the past and every time he logged
in it would give him that old resolution he set even though he kept changing
it. We ending up wiping his whole GNome config (rm -rf .gnome .gconf* ....)
to fix it, something I end up having one of users do almost every day for some
reason or another. GNOME has just been getting worse release after release
from my perspective. When they removed the text field to type in a file path
in the File Chooser Dialog I could have shot them. Seems from recent
comments, even Linus agrees.