Bug 30074 - login does not check /etc/usertty
Summary: login does not check /etc/usertty
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: util-linux
Version: 6.2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Elliot Lee
QA Contact: David Lawrence
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-02-28 20:02 UTC by Need Real Name
Modified: 2007-04-18 16:31 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2001-07-16 13:29:32 UTC

Attachments (Terms of Use)

Description Need Real Name 2001-02-28 20:02:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)

man page for login describes structure of /etc/usertty file for limiting 
access, but program does not appear to check this file and limit access.  
(Providing functionality as described in man page would be preferable to 
modifying man page.)  Following examples in man page does not limit 
access, and "strings /bin/login" lists /etc/securetty but not 
/etc/usertty, so apparently program does not reference the file.

Reproducible: Always
Steps to Reproduce:
1.Create a file /etc/usertty with the following lines (substitute valid 
usernames & IP addresses for your system for joe1 and joe2 and :
joe1     tty1

2. Try to log in as joe1 on (say) tty2.  Try to log in as joe2 from 
somewhere other than

Actual Results:  Both logins succeed.

Expected Results:  Both logins should fail.

"strings /bin/login | grep tty" found /etc/securetty but not 
/etc/usertty.  My conclusion is that checking of this file is not compiled 
into the program.

Comment 1 Martin Lichtin 2001-06-13 19:30:03 UTC
I'm running into the same problem under RH 7.1. /etc/usertty
does seem to be ignored. Is there another way to restrict logins?

Comment 2 Elliot Lee 2001-07-17 23:41:37 UTC
PAM has a number of modules (e.g. pam_listfile) which perform the type of tasks
you are describing, and it's the recommended way to perform any and all. Please
look through the PAM administrator documentation, and if a module does not exist
to perform the type of restriction you are wanting, talk to the maintainer of
that module (e.g. via a feature request in bugzilla).

Comment 3 Elliot Lee 2001-07-17 23:47:21 UTC
I've added a note to this effect to the man page, BTW.

Note You need to log in before you can comment on or make changes to this bug.