Bug 4298 - pam_console does not reset group.
Summary: pam_console does not reset group.
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
(Show other bugs)
Version: 6.0
Hardware: All Linux
low
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-08-01 09:58 UTC by matthew
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-08-02 14:56:07 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description matthew 1999-08-01 09:58:29 UTC
When a user logins to the console they are given ownership
of various device files.  When they log back out the
ownership is reverted back to what ever is specified in
"/etc/security/console.perms".  Howevcr while they own the
file it is possible for them to change the group of the
files and this isn't reverted.  In the default configuration
this isn't really a big risk becuase the specified modes
don't grant any special rights to the group.  Howerver, if a
jax or zip drives are installed these the group is given
read/write access.  Obviously this would also cause problems
if any of the configured permissions are changed from the
default.  I don't think this is serious but at it's
certainly unexpected and unnessisary behaviour.

Patch to allow a revert group to follow.

Comment 1 Michael K. Johnson 1999-08-02 14:56:59 UTC
Yuck, you are right.  I'm applying your patch, and extending the man
pages and the default console.perms appropriately.  Thanks for
noticing this.  Our next pam release will have this functionality
and will include groups (where necessary) in the console.perms file.

Your patch did an excellent job of following the style of the code
you were modifying, by the way.  :-)


Note You need to log in before you can comment on or make changes to this bug.