SCIENTIFIC-LINUX-USERS Archives

August 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Jon Peatfield <[log in to unmask]>
Reply To: Jon Peatfield <[log in to unmask]>
Date: Fri, 15 Aug 2008 19:00:30 +0100

On Fri, 15 Aug 2008, Brett Viren wrote:

> Andrea <[log in to unmask]> writes:
>
>> On 15/08/2008 at 10:57, Dr Andrew C Aitchison wrote:
>
>>> Login processes have to register with utmp, but not all login
>>> processes have permission to do this (essentially by writing to
>>> /var/log/wtmp).  xterm is the program which springs to mind as
>>> sometimes not having permission to do this.
>>
>> Interesting. I don't know much about this topic, so any pointers are
>> welcome.
>
> I don't have access to SL5.1 but on 4.4 xterm has no set-u/g id bit:
>
> bv@minos05:~> ls -l /usr/bin/xterm
> -rwxr-xr-x  1 root root 258396 Nov 15  2007 /usr/bin/xterm*
>
> On my Debian workstation:
>
> bviren@lycastus:~> ls -l /usr/bin/xterm
> -rwxr-sr-x 1 root utmp 318832 Mar 19 10:09 /usr/bin/xterm*
> bviren@lycastus:~> ls -l /var/log/wtmp
> -rw-rw-r-- 1 root utmp 109440 Aug 15 11:25 /var/log/wtmp
>
> So the set-gid utmp lets xterm write to wtmp.  I can't conceive of why
> TUV doesn't do this as well.

On sl4x because xterm is linked against libutempter it doesn't need to be 
setuid/setgid, that piece of code has a little setgid helper.

$ ldd /usr/bin/xterm | grep libutempter
         libutempter.so.0 => /usr/lib64/libutempter.so.0 (0x0000002a96460000)
$ rpm -qlf /usr/lib64/libutempter.so.0
/usr/include/utempter.h
/usr/lib64/libutempter.so
/usr/lib64/libutempter.so.0
/usr/lib64/libutempter.so.0.5.5
/usr/sbin/utempter
/usr/share/doc/utempter-0.5.5
/usr/share/doc/utempter-0.5.5/COPYING
$ /bin/ls -al /usr/sbin/utempter
-rwxr-sr-x  1 root utmp 17452 Mar 15  2005 /usr/sbin/utempter

Having said that on sl5x xterm IS setgid but - utempter not utmp!

$ /bin/ls -l /usr/bin/xterm
-rwxr-sr-x 1 root utempter 339480 Jul 11  2007 /usr/bin/xterm
$ ldd /usr/bin/xterm | grep -i utempter
         libutempter.so.0 => /usr/lib64/libutempter.so.0 (0x00002aaaac3db000)
$ rpm -qlf /usr/lib64/libutempter.so.0
/usr/lib64/libutempter.so.0
/usr/lib64/libutempter.so.1.1.4
/usr/libexec/utempter
/usr/libexec/utempter/utempter
/usr/share/doc/libutempter-1.1.4
/usr/share/doc/libutempter-1.1.4/COPYING
/usr/share/doc/libutempter-1.1.4/README
$ /bin/ls -al /usr/libexec/utempter/utempter
/bin/ls: /usr/libexec/utempter/utempter: Permission denied

as root you can see why:

# /bin/ls -ald /usr/libexec/utempter /usr/libexec/utempter/utempter
drwx--x--- 2 root utempter 4096 Mar 27  2007 /usr/libexec/utempter
-rwx--s--x 1 root utmp     6736 Apr  4  2007 /usr/libexec/utempter/utempter

Obviously the utempter code was changed so only those in the utempter 
group can use it, presumably as a security measure.

Now gnome-terminal and the kde one (I forget the name) do things a 
different way -- why can't they all agree on how best to do this stuff...

-- 
Jon Peatfield,  Computer Officer,  DAMTP,  University of Cambridge
Mail:  [log in to unmask]     Web:  http://www.damtp.cam.ac.uk/
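
The layout described in the message above (a setgid helper inside a directory that only one group may traverse, reached by a client that is setgid to that group) can be checked with a short script. This is an added example, not part of the original post or of libutempter; the function names are hypothetical, it assumes GNU stat, and it inspects only the helper's immediate parent directory.

```shell
#!/bin/sh
# Added example (not from the original post): audit a setgid helper that
# sits behind a group-restricted directory. Function names are hypothetical.
# Requires GNU stat. Run as root, since the directory blocks other users:
#   audit_helper /usr/libexec/utempter/utempter /usr/bin/xterm

# who_can_reach DIR: which class of non-root users may traverse DIR.
who_can_reach() {
    mode=$(stat -c '%A' "$1") || return 1
    grp=$(stat -c '%G' "$1")
    case "$mode" in
        d????????[xt]*) echo "everyone" ;;    # other-execute bit is set
        d?????[xs]*)    echo "group:$grp" ;;  # only group-execute is set
        *)              echo "owner-only" ;;
    esac
}

# setgid_group FILE: group FILE runs as when executed, or "none".
setgid_group() {
    mode=$(stat -c '%A' "$1") || return 1
    case "$mode" in
        -?????s*) stat -c '%G' "$1" ;;        # setgid plus group-execute
        *)        echo "none" ;;
    esac
}

# audit_helper HELPER CLIENT: print the privilege chain; return 0 when
# CLIENT can reach HELPER, 1 when the directory blocks it, 2 on error.
audit_helper() {
    helper=$1
    client=$2
    reach=$(who_can_reach "$(dirname "$helper")") || return 2
    hgrp=$(setgid_group "$helper") || return 2
    cgrp=$(setgid_group "$client") || return 2
    echo "helper-runs-as=$hgrp dir-reach=$reach client-setgid=$cgrp"
    case "$reach" in
        everyone)      return 0 ;;  # open helper: any user may run it
        group:"$cgrp") return 0 ;;  # client's setgid group opens the dir
        *)             return 1 ;;
    esac
}
```

A result with `dir-reach=everyone` means any local user can invoke the helper directly; a `group:` result that matches `client-setgid` means only the setgid client (and members of that group) can.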
