Bug 88370 - pam_console doesn't change ownership/permissions of directories
Product: Red Hat Linux
Classification: Retired
Component: pam
i686 Linux
Priority: medium, Severity: medium
Assigned To: Tomas Mraz
David Lawrence
: FutureFeature
Reported: 2003-04-09 10:48 EDT by Jonathan Rawle
Modified: 2007-04-18 12:52 EDT
Doc Type: Enhancement
Last Closed: 2005-04-08 09:53:53 EDT

Attachments
Proposed patch (1.19 KB, patch)
2004-09-21 09:42 EDT, Tomas Mraz
Description Jonathan Rawle 2003-04-09 10:48:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020326

Description of problem:
If an entry is added to /etc/security/console.perms to change the ownership of a
directory to the console user, nothing happens when a user logs in at the
console. This behaviour has deliberately been changed at some stage, so that if
a directory is specified, the corresponding device is looked up in fstab and the
ownership of the device file changed instead.

In some circumstances, it would be useful to be able to change the ownership of
an ordinary directory to the console user, for example /mnt so that only the
console user may read mounted removable disks. I can't see that this would be a
security loophole as directories would have to be specified in console.perms for
their ownership to be changed in this way.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Edit /etc/security/console.perms to include the line:
<console>  0500 /mnt         0755 root
2. As root, run /sbin/pam_console_apply

Actual Results:  Ownership of /mnt changes to the console user with permissions

Expected Results:  Ownership and permissions of /mnt are unchanged.

Additional info:
Comment 1 Jonathan Rawle 2003-04-09 10:51:10 EDT
Sorry, actual and expected results should be the other way round!
Comment 2 Tomas Mraz 2004-09-21 09:42:37 EDT
Created attachment 104065
Proposed patch

We should apply the chmod/chown to dir if it isn't found in fstab.
Comment 3 Tomas Mraz 2004-10-14 12:49:34 EDT
Actually the patch isn't right because it could cause unwanted changes.

We would have to invent a way how to signal to pam_console that the
user really wants to change directory permissions and not to look into
Comment 4 Tomas Mraz 2005-04-08 09:53:53 EDT
In the new pam from the Fedora Core Development you can use console.handlers for
this purpose.
The console.perms semantics shouldn't be changed.
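
Added example (not part of the bug report and not pam_console's own code): a small audit helper that models the lookup rule the description reports, showing for each literal-path console.perms entry whether the change lands on the path itself, on the fstab device behind a mount point, or nowhere. The sample console.perms and fstab contents, the DIRS set, and the function names are assumptions; only the /mnt line is taken from the report.

```python
# Added illustration: models the behaviour described in the report, not pam_console's code.
PERMS = """\
<floppy>=/dev/fd[0-1]*
<console>  0660 <floppy>     0660 root.floppy
<console>  0500 /mnt         0755 root
<console>  0660 /mnt/floppy  0660 root.floppy
<console>  0600 /dev/ttyS0   0660 root
"""  # constructed sample; only the /mnt line comes from the report
FSTAB = """\
/dev/hda1  /            ext3  defaults      1 1
/dev/fd0   /mnt/floppy  auto  noauto,owner  0 0
"""  # constructed sample
DIRS = {"/mnt", "/mnt/floppy"}  # assumed directories, passed in so the example runs offline


def parse_fstab(text):
    """Map mount point -> device from fstab text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            mounts[fields[1].rstrip("/") or "/"] = fields[0]
    return mounts


def resolve_targets(perms_text, fstab_text, directories):
    """Return (path, effective_target, mode) for each literal-path entry.

    effective_target is the path itself for a non-directory, the fstab device
    for a directory that is a mount point, and None when a directory has no
    fstab entry (the "nothing happens" case from the report).
    """
    mounts = parse_fstab(fstab_text)
    results = []
    for line in perms_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Entry layout: <class> mode path revert-mode revert-owner
        if len(fields) != 5 or fields[2].startswith("<"):
            continue  # class definitions and <class> device references are out of scope
        _cls, mode, path = fields[:3]
        key = path.rstrip("/") or "/"
        if key not in directories:
            results.append((path, path, mode))
        else:
            results.append((path, mounts.get(key), mode))
    return results


if __name__ == "__main__":
    for path, target, mode in resolve_targets(PERMS, FSTAB, DIRS):
        print(f"{path:12} mode {mode} -> {target or 'no change (directory not in fstab)'}")
```

An entry whose effective target differs from the path written in console.perms, or is None, is one where the administrator's intent and the applied change diverge.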
