Bug 30074 - login does not check /etc/usertty
login does not check /etc/usertty
Product: Red Hat Linux
Classification: Retired
Component: util-linux (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Elliot Lee
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-02-28 15:02 EST by Need Real Name
Modified: 2007-04-18 12:31 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-07-16 09:29:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-02-28 15:02:57 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)

man page for login describes structure of /etc/usertty file for limiting 
access, but program does not appear to check this file and limit access.  
(Providing functionality as described in man page would be preferable to 
modifying man page.)  Following examples in man page does not limit 
access, and "strings /bin/login" lists /etc/securetty but not 
/etc/usertty, so apparently program does not reference the file.

Reproducible: Always
Steps to Reproduce:
1.Create a file /etc/usertty with the following lines (substitute valid 
usernames & IP addresses for your system for joe1 and joe2 and :
joe1     tty1

2. Try to log in as joe1 on (say) tty2.  Try to log in as joe2 from 
somewhere other than

Actual Results:  Both logins succeed.

Expected Results:  Both logins should fail.

"strings /bin/login | grep tty" found /etc/securetty but not 
/etc/usertty.  My conclusion is that checking of this file is not compiled 
into the program.
Comment 1 Martin Lichtin 2001-06-13 15:30:03 EDT
I'm running into the same problem under RH 7.1. /etc/usertty
does seem to be ignored. Is there another way to restrict logins?
Comment 2 Elliot Lee 2001-07-17 19:41:37 EDT
PAM has a number of modules (e.g. pam_listfile) which perform the type of tasks
you are describing, and it's the recommended way to perform any and all. Please
look through the PAM administrator documentation, and if a module does not exist
to perform the type of restriction you are wanting, talk to the maintainer of
that module (e.g. via a feature request in bugzilla).
Comment 3 Elliot Lee 2001-07-17 19:47:21 EDT
I've added a note to this effect to the man page, BTW.

Note You need to log in before you can comment on or make changes to this bug.