Description of problem:
Each time I run 'su -l', a new '/root/.xauth*' file seems to be created. This file seems never to be removed, even if I exit from the su-ed shell. I now have over 400 such files in /root.

Here is a snippet from 'ls -lat /root/.auth*':

-rw------- 1 root root 66 2007-01-13 10:23 /root/.xauthO0EsI4
-rw------- 1 root root 66 2007-01-13 10:10 /root/.xauthb0TFg7
-rw------- 1 root root 66 2007-01-13 10:00 /root/.xauthtEb6ek
-rw------- 1 root root 66 2007-01-13 09:28 /root/.xauthiMfByg
-rw------- 1 root root 66 2007-01-13 09:05 /root/.xauthgPgwCt
-rw------- 1 root root 66 2007-01-13 08:51 /root/.xauthXfHqPb
-rw------- 1 root root 66 2007-01-12 16:07 /root/.xauthkGktJY
-rw------- 1 root root 66 2007-01-12 15:05 /root/.xauthF4bCYn
-rw------- 1 root root 66 2007-01-12 09:16 /root/.xauthWZ8xsT
-rw------- 1 root root 66 2007-01-12 07:24 /root/.xauthEzxJHe
-rw------- 1 root root 66 2007-01-12 07:11 /root/.xauthH7s3TA
-rw------- 1 root root 66 2007-01-12 07:07 /root/.xauthZrt9Bp
-rw------- 1 root root 66 2007-01-12 06:28 /root/.xauthONpOPB

Oldest one I have is:

-rw------- 1 root root 66 2006-09-19 15:09 /root/.xauthRQ7SbM
-rw------- 1 root root 66 2006-09-19 07:04 /root/.xauthWwbY8z

That may be when I got this laptop.....

Version-Release number of selected component (if applicable):
coreutils-6.7-1.fc7

How reproducible:
Every time

Steps to Reproduce:
1. run 'su -l'
2. run 'ls -la /root/.xauth*'
3.

Actual results:

Expected results:

Additional info:
Is this coming from /lib/security/pam_xauth.so ?
Uhhh this seems fixed now. pam-0.99.7.0-2.fc7 ?
Yes it is. It was a bug in pam_keyinit.so module.
This appears to have regressed, starting about 3 weeks ago. Could this be a problem with pam-0.99.7.1-3.fc7 ?

[root@localhost ~]# ls -lat .xauth*
-rw------- 1 root root 66 2007-03-08 06:16 .xauthPnmTmI
-rw------- 1 root root 66 2007-03-06 14:09 .xauthgVJXtV
-rw------- 1 root root 66 2007-03-03 16:56 .xauth0djkLb
-rw------- 1 root root 66 2007-03-03 16:48 .xauth5Tr9fc
-rw------- 1 root root 66 2007-03-03 10:42 .xauthOpqrlL
-rw------- 1 root root 66 2007-03-02 15:20 .xauth6YIqeT
-rw------- 1 root root 66 2007-03-01 15:42 .xauthgcebzg
-rw------- 1 root root 66 2007-03-01 13:36 .xauthXlpiWJ
-rw------- 1 root root 66 2007-02-27 09:00 .xauthWeNUpB
-rw------- 1 root root 66 2007-02-25 14:33 .xauthlNgl6g
-rw------- 1 root root 66 2007-02-25 10:33 .xauthjteXA4
-rw------- 1 root root 66 2007-02-24 11:50 .xauthq2rR5k
-rw------- 1 root root 66 2007-02-23 08:47 .xauthDBPVPL
-rw------- 1 root root 66 2007-02-22 06:24 .xauthe3bItB
-rw------- 1 root root 66 2007-02-21 06:53 .xauthNVYo2x
-rw------- 1 root root 66 2007-02-21 06:52 .xauthfFgfMk
-rw------- 1 root root 66 2007-02-20 14:00 .xauthpNmM5W
-rw------- 1 root root 66 2007-02-20 10:32 .xauthn9dNDT
-rw------- 1 root root 66 2007-02-20 09:36 .xauthy3YTfa
-rw------- 1 root root 66 2007-02-19 17:17 .xauthNR3gOm
-rw------- 1 root root 66 2007-02-15 08:22 .xauth0nSCWj
Strange, I cannot reproduce the problem with latest rawhide. Can you strace attach the su process before you log out of the 'su' session?
Below is the strace, but your request may clarify..... I frequently reboot/shutdown without exiting from 'su -'. If these files are removed only at normal exit, they would tend to linger on.... That possible?

Process 3698 attached - interrupt to quit
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WSTOPPED) = 3709
open("/etc/security/pam_env.conf", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=2980, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f3c000
read(4, "#\n# This is the configuration fi"..., 4096) = 2980
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7f3c000, 4096) = 0
open("/etc/environment", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f3c000
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7f3c000, 4096) = 0
socket(PF_NETLINK, SOCK_RAW, 9) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
readlink("/proc/self/exe", "/bin/su", 4095) = 7
sendto(4, "h\0\0\0P\4\5\0\5\0\0\0\0\0\0\0PAM: setcred acc"..., 104, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 104
poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 100) = 1
recvfrom(4, "$\0\0\0\2\0\0\0\5\0\0\0r\16\0\0\0\0\0\0h\0\0\0P\4\5\0\5"..., 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
recvfrom(4, "$\0\0\0\2\0\0\0\5\0\0\0r\16\0\0\0\0\0\0h\0\0\0P\4\5\0\5"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
close(4) = 0
geteuid32() = 0
getegid32() = 500
setregid32(-1, 0) = 0
keyctl(0x3, 0x6aae3bd, 0, 0, 0x1f4) = 0
setregid32(-1, 500) = 0
getuid32() = 500
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1899, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f3c000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1899
close(4) = 0
munmap(0xb7f3c000, 4096) = 0
getuid32() = 500
time(NULL) = 1174328410
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
send(3, "<86>Mar 19 11:20:10 su: pam_unix"..., 76, MSG_NOSIGNAL) = 76
unlink("/root/.xauthgOjo0T") = 0
socket(PF_NETLINK, SOCK_RAW, 9) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
readlink("/proc/self/exe", "/bin/su", 4095) = 7
sendto(4, "p\0\0\0R\4\5\0\6\0\0\0\0\0\0\0PAM: session clo"..., 112, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 112
poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 100) = 1
recvfrom(4, "$\0\0\0\2\0\0\0\6\0\0\0r\16\0\0\0\0\0\0p\0\0\0R\4\5\0\6"..., 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
recvfrom(4, "$\0\0\0\2\0\0\0\6\0\0\0r\16\0\0\0\0\0\0p\0\0\0R\4\5\0\6"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
close(4) = 0
munmap(0x884000, 6124) = 0
munmap(0x7c9000, 13300) = 0
munmap(0xc3d000, 97476) = 0
munmap(0x4f74a000, 93012) = 0
munmap(0x4f76e000, 285024) = 0
munmap(0x4f7b6000, 96040) = 0
munmap(0xe75000, 5856) = 0
munmap(0x121000, 14700) = 0
munmap(0x617000, 30464) = 0
munmap(0x110000, 46240) = 0
munmap(0x41172000, 184636) = 0
munmap(0x2bd000, 4436) = 0
munmap(0xef0000, 14248) = 0
munmap(0x11c000, 15352) = 0
close(1) = 0
close(2) = 0
exit_group(0) = ?
Process 3698 detached
[root@localhost ~]#
Yes, when not exited cleanly from su, these files will stay there - there is no process which could remove them. -> back to CLOSED-RAWHIDE as the original problem indeed is fixed.
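
The lingering case described in the last comment, as an added example that is not part of the original bug report or of the pam project's code: a shell function that lists '.xauth??????' files whose modification time predates the last boot, since no su session can have survived a reboot. It assumes Linux '/proc/stat' and GNU 'stat -c'; the function names and the '--report' switch are hypothetical, and it only reports files, leaving removal to the administrator.

```shell
#!/bin/sh
# Added example: find xauth leftovers from su sessions that never ran
# their PAM session close (reboot or shutdown without exiting 'su -').

# boot_epoch: print the boot time in seconds since the epoch.
# Assumption: Linux, where /proc/stat carries a "btime" line.
boot_epoch() {
    awk '$1 == "btime" { print $2 }' /proc/stat
}

# stale_xauth DIR CUTOFF_EPOCH
# Print every DIR/.xauthXXXXXX file (six-character random suffix, as in
# the listings above) whose mtime is older than CUTOFF_EPOCH. A file
# older than the last boot cannot belong to a session that is still
# open, so nothing is left that would unlink it.
stale_xauth() {
    dir=$1
    cutoff=$2
    for f in "$dir"/.xauth??????; do
        # Skip the unexpanded pattern, directories and symlinks.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Assumption: GNU stat; %Y is mtime in seconds since the epoch.
        mtime=$(stat -c %Y "$f") || continue
        [ "$mtime" -lt "$cutoff" ] && printf '%s\n' "$f"
    done
    return 0
}

# Report mode: sh stale_xauth.sh --report [DIR]   (DIR defaults to /root)
if [ "${1:-}" = "--report" ]; then
    stale_xauth "${2:-/root}" "$(boot_epoch)"
fi
```

Files newer than the boot time are left out of the report because a live 'su -l' session may still own them.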