login: FATAL: can't reopen tty: permission denied
Lara Adianto
m1r4cle_26 at yahoo.com
Fri Nov 5 07:09:44 UTC 2004
Hi list,
I'm a bit confused with the usage of login command.
According to the man page, it's used to sign onto a
system or to switch from one user to another at any
time. However, it is not mentioned there who can use
it.
My questions:
1. Can root use login to switch to another user ?
If my understanding is correct, root can use login to
switch to another user, provided that the tty used is
listed in /etc/securetty (Please correct me if i'm
wrong). However, if the tty used by root is not listed
in /etc/securetty, will root be able to use login if I
add his tty to /etc/securetty. I've tried this, but
seems that it has no effect. Everytime root tries to
login, the console will be closed automatically. No
log message found in /var/log/messages. Is this how
it's supposed to work ?
2. Can't switch from a non-root user to another
non-root user. Why ?
>From root, I su to a non-root user, then try to switch
to another user using login, I got:
Nov 5 14:37:46 localhost su(pam_unix)[5452]: session
opened for user user1 by root(uid=0)
Nov 5 14:38:07 localhost login: FATAL: can't reopen
tty: Permission denied
What's wrong ? When and for what purpose should login
be used ? What's the difference between su and login ?
[root at localhost root]# ldd /bin/login
libcrypt.so.1 => /lib/libcrypt.so.1
(0x40028000)
libpam.so.0 => /lib/libpam.so.0 (0x40055000)
libdl.so.2 => /lib/libdl.so.2 (0x4005d000)
libpam_misc.so.0 => /lib/libpam_misc.so.0
(0x40060000)
libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2
(0x40000000)
I don't think this is a PAM problem, but anyway:
[root at localhost root]# vi /etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_stack.so
service=system-auth
auth required pam_nologin.so
account required pam_stack.so
service=system-auth
password required pam_stack.so
service=system-auth
session required pam_stack.so
service=system-auth
session optional pam_console.so
[root at localhost root]# vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time
authconfig is run.
auth required
/lib/security/$ISA/pam_env.so
auth sufficient
/lib/security/$ISA/pam_unix.so likeauth nullok
auth required
/lib/security/$ISA/pam_deny.so
account required
/lib/security/$ISA/pam_unix.so
password required
/lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient
/lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password required
/lib/security/$ISA/pam_deny.so
session required
/lib/security/$ISA/pam_limits.so
session required
/lib/security/$ISA/pam_unix.so
Thanks !
lara
=====
------------------------------------------------------------------------------------
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de Maupassant -
------------------------------------------------------------------------------------
__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
More information about the redhat-list
mailing list