Red Hat Bugzilla – Bug 30074
login does not check /etc/usertty
Last modified: 2007-04-18 12:31:51 EDT
Man page for login describes structure of /etc/usertty file for limiting
access, but program does not appear to check this file and limit access.
(Providing functionality as described in man page would be preferable to
modifying man page.) Following examples in man page does not limit
access, and "strings /bin/login" lists /etc/securetty but not
/etc/usertty, so apparently program does not reference the file.
Steps to Reproduce:
1. Create a file /etc/usertty with the following lines (substitute valid
usernames & IP addresses for your system for joe1 and joe2 and
2. Try to log in as joe1 on (say) tty2. Try to log in as joe2 from
somewhere other than 192.168.1.5
Actual Results: Both logins succeed.
Expected Results: Both logins should fail.
"strings /bin/login | grep tty" found /etc/securetty but not
/etc/usertty. My conclusion is that checking of this file is not compiled
into the program.
I'm running into the same problem under RH 7.1. /etc/usertty
does seem to be ignored. Is there another way to restrict logins?
PAM has a number of modules (e.g. pam_listfile) which perform the type of tasks
you are describing, and it's the recommended way to perform any and all. Please
look through the PAM administrator documentation, and if a module does not exist
to perform the type of restriction you are wanting, talk to the maintainer of
that module (e.g. via a feature request in bugzilla).
I've added a note to this effect to the man page, BTW.
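
The pam_listfile approach suggested in the reply above, applied to the two cases in the report, as an added example that is not part of the original bug thread or Red Hat's shipped configuration. The list-file paths and the allowed terminal (tty1) are constructed for illustration. It assumes tty entries are written without the /dev/ prefix, as in /etc/securetty, and that the remote login service passes the client address (not a hostname) to PAM as the remote host.

```conf
# /etc/pam.d/login  (place these ahead of the existing auth lines)

# joe1 may authenticate only on terminals listed in joe1.ttys.
# apply=joe1 limits the rule to that user; everyone else skips it.
auth  required  pam_listfile.so item=tty   sense=allow file=/etc/security/joe1.ttys  onerr=fail apply=joe1

# joe2 may authenticate only when the remote host is listed in joe2.hosts.
# A local console login has no remote host, so it does not match and is refused.
auth  required  pam_listfile.so item=rhost sense=allow file=/etc/security/joe2.hosts onerr=fail apply=joe2


# /etc/security/joe1.ttys  (hypothetical path; one entry per line)
tty1


# /etc/security/joe2.hosts  (hypothetical path; one entry per line)
192.168.1.5
```

With onerr=fail, a missing or unreadable list file denies the login, so keep a root session open while testing. The rules only cover services whose PAM file contains them; a login path handled by a different service file needs the same lines there.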