Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1600079 - Wrong entry in secure log when user login Description
Summary: Wrong entry in secure log when user login Description
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gdm
Version: 7.5
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Ray Strode [halfline]
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-11 11:33 UTC by Thibault
Modified: 2018-10-30 10:27 UTC (History)
4 users (show)

Fixed In Version: gdm-3.28.2-8.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-30 10:27:16 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
GNOME Gitlab GNOME/gdm/issues/381 None None None 2018-07-11 13:19:52 UTC
Red Hat Product Errata RHSA-2018:3140 None None None 2018-10-30 10:27:56 UTC

Description Thibault 2018-07-11 11:33:12 UTC
Description of problem:

On ldap connected machines (did not check that with local account)

The secure log is displaying the last logged user for each connections.

To make it clear, here is the log:

**machine booted**
Nov 27 09:51:37 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user fred by (uid=0)
Nov 27 15:57:05 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user srehtark by fred(uid=0)
Nov 27 17:12:02 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user hauallga by fred(uid=0)
Nov 28 09:14:16 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user hauallga by fred(uid=0)
Nov 28 14:09:02 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user srehtark by fred(uid=0)
Nov 29 15:08:54 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user granes by fred(uid=0)

**reboot**
Nov 30 06:09:23 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user bantze by (uid=0)
Nov 30 10:38:04 machine01 gdm-password]: pam_unix(gdm-password:session): session opened for user frank by bantze(uid=0)

we can see "by fred(uid=0)" on each line except on the first one when the machine just booted, even if the user logged off.
after reboot, the first logged user was bantze then his name appears on the next lines until next reboot.

How reproducible: every time

Steps to Reproduce:
1. Logon/logout with multiples accounts and check /var/log/secure


Expected results:
not see the first username of the day in every logon log lines

Comment 2 Tomas Mraz 2018-07-11 12:17:08 UTC
That's probably because gdm either reuses the pam handle for the subsequent logins or it does not clear the utmp entry for the controlling terminal after the logout.

login uses LOGIN when it clears the utmp entry.

Comment 3 Ray Strode [halfline] 2018-07-11 13:19:53 UTC
probably fixed by this commit upstream:

https://gitlab.gnome.org/GNOME/gdm/commit/086d68f24d984fb48e44aa16aa815825cd5ed0bc

Comment 5 Tomas Pelka 2018-09-13 12:33:44 UTC
Hello Thibault,

assuming you have access to RHEL7.6 Beta, can you check whether this issue is still occurring on Beta and above? I can't reproduce locally on 7.6 so guessing it is resolved.

Let me know if don't have access to Beta I will verify sanityonly.

Thanks
-Tom

Comment 7 errata-xmlrpc 2018-10-30 10:27:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3140


Note You need to log in before you can comment on or make changes to this bug.