Red Hat Bugzilla – Bug 75825
Failed RPM installs cause su to remain open
Last modified: 2007-03-26 23:57:44 EDT
Description of Problem:
Failed RPM installations leave the root permission on - applies when not logged
in as the root
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Download (say) the realplayer for Linux from real.com.
2. Open with the application installer, type in the root password
3. The RPM install fails (does not get as far as checking the RPM headers), the
keys remain. It is then possible to access locked off areas.
The keys remain, user still has su access
The failure should be reported on screen and su access removed
If the RPM fails to install, it is then not possible to install RPMs via either
the terminal or via the add application method - the only method of resetting
which will work is to reset the machine. Given it is a global addition when
installing an RPM, this is not suprising.
This is the intended behavior of using pam_timestamp... from the release notes
o Some of the configuration tools use pam_timestamp, a module for
implementing sudo-style authentication timestamps via PAM. The
authentication function checks for the existence of the timestamp
file. If the file exists and is less than five minutes old (the same
default as sudo), authentication succeeds without prompting for the
root password again.
If a program with pam_timestamp support is started from the Main Menu
button or Nautilus and successfully authenticated, a key icon will
appear in the panel notification area to show that an authenticated
user has cached root authentication. When the authentication expires,
the icon is removed.
Unfortunately, the revocation of the keys doesn't happen until the machine is
reset, nor are you able to install any other packages via either the rpm command
line or the add packages systems.
Unable to duplicate.. Curious
Me neither and as far as I know, Nalin hasn't heard anything either. In any
case, it's not redhat-config-packages doing it. If anything, it's pam_timestamp
but I haven't seen anything, although I'll leave it to Nalin to be definitive about
This bug is quite old, closing it off - the "not able to install packages" could
just be a problem with rpm locks files (try rm /var/lib/rpm/__* ), and the
authentication staying open is exepected behaviour of pam_timestamp.