I'm getting these messages in /var/lock/secure, and console.perms is
Jan 29 21:42:18 cyberelk pam_console: Could not open lock file
/var/lock/console/tim, disallowing console access
drwxr-xr-x 2 root root 1024 Jan 29 21:49 /var/lock/console
/var is in partition /, mounted rw, 13% used.
This is an upgrade from Red Hat Linux 7. I haven't seen this on any
other machines though.
Which service are you using to log in (login or kdm or gdm or xdm)? Can you
strace the binary from another VT and determine what the error was? If the file
exists, what are its permissions?
This defect is considered MUST-FIX for Florence Gold release
This was just a stale /var/lock/console.lock file I think. I removed that and
now it works.
Hmm, the same thing happened on another machine now. :-/
In /etc/sysconfig/desktop, use KDE.
Reboot the machine to clear out any old console.lock.
Go to runlevel 5.
Log in remotely to observe.
In the remote terminal, verify that (for example) /dev/dsp is owned by
Log on as a non-root user.
Verify that /dev/dsp is owned by that user.
/dev/dsp is still owned by the non-root user.
This is looking at lot like bug 25048 now actually.
*** This bug has been marked as a duplicate of 25048 ***
Okay, 25048 is fixed, but this bug remains.
Created attachment 9002 [details]
The above patch fixes it for me. kdm was calling pam_close_session and setuid
in the wrong order.
Someone should check that this patch doesn't introduce any extra security
problems, but I think it's fine (it's similar to what /bin/login does).
Fixed, thanks for the patch.