Login command problem?

If it doesn't fit in another category, ask it here.
Post Reply
romangoward
Posts: 1
Joined: 2011/11/02 13:53:58

Login command problem?

Post by romangoward » 2011/11/02 14:53:38

Hello.
I'm trying to switch users with "login" command under CentOS-5.4, CentOS-5.7, CentOS-6.0
If I execute this command as root — shell is terminated (ssh):

[quote][root@nebula ~]# login test
Connection to xxx.xxx.xxx.xxx closed.
goward@Y550P:~$[/quote]

If i login in system as user:

[quote]
[test@nebula ~]$ login test2
Password:
Login incorrect
[/quote]

secure.log:
[quote]
Nov 2 22:09:25 nebula login: pam_unix(login:auth): authentication failure; logname=test uid=500 euid=500 tty=pts/0 ruser= rhost= user=test2
Nov 2 22:09:27 nebula login: FAILED LOGIN 1 FROM (null) FOR test2, Authentication failure
[/quote]

Hmm.. under Debian/Ubuntu systems it work's with "sudo".

Add's users "test" & "test2" in group "testo", and edit sudoers with next step: %testo ALL=(ALL) ALL

Another one shot:
[quote]
[test@nebula ~]$ sudo login test2

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for test:
Connection to xxx.xxx.xxx.xxx closed.
[/quote]

secure.log:
[quote]
Nov 2 22:15:37 nebula sudo: test : TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/login test2
Nov 2 22:15:37 nebula sshd[2745]: Received disconnect from xxx.xxx.xxx.xxx: 11: disconnected by user
Nov 2 22:15:37 nebula login: pam_unix(login:auth): conversation failed
Nov 2 22:15:37 nebula login: pam_unix(login:auth): auth could not identify password for [test2]
Nov 2 22:15:37 nebula login: FAILED LOGIN 1 FROM (null) FOR test2, Authentication failure
Nov 2 22:15:37 nebula login: pam_securetty(login:auth): cannot determine username
Nov 2 22:15:37 nebula login: pam_unix(login:auth): bad username [(null)]
Nov 2 22:15:37 nebula login: pam_succeed_if(login:auth): error retrieving user name: Success
Nov 2 22:15:37 nebula login: FAILED LOGIN SESSION FROM (null) FOR (null), Error in service module
Nov 2 22:15:37 nebula sshd[2741]: pam_unix(sshd:session): session closed for user test
[/quote]


Well, another difference between 5.4 and 5.7/6.0 is a description of "man login":
for 5.4 is:
[quote]login is used when signing onto a system. It can also be used to
switch from one user to another at any time (most modern shells have
support for this feature built into them, however).[/quote]

for 5.7/6.0 is:
[quote]login is used when signing onto a system.[/quote]

My /etc/pam.d/* config's on default state.
Any ideas? Should it work?


PS. "su" work fine.
[quote][test@nebula ~]$ id
uid=500(test) gid=500(test) groups=500(test),502(testo) context=user_u:system_r:unconfined_t
[test@nebula ~]$ su test2
Password:
[test2@nebula test]$ id
uid=501(test2) gid=501(test2) groups=501(test2),502(testo) context=user_u:system_r:unconfined_t
[test2@nebula test]$ su root
Password:
[root@nebula test]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t
[root@nebula test]#
[/quote]

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Login command problem?

Post by pschaff » 2011/11/04 14:32:59

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

What you are seeing appears to be the expected behavior. From "man login"[code]
A recursive login, as used to be possible in the good old days, no
longer works; for most purposes su(1) is a satisfactory substitute.
Indeed, for security reasons, login does a vhangup() system call to
remove any possible listening processes on the tty. This is to avoid
password sniffing. If one uses the command "login", then the surround-
ing shell gets killed by vhangup() because it’s no longer the true
owner of the tty. This can be avoided by using "exec login" in a top-
level shell or xterm.
[/code]

Is there some functionality you need that cannot be achieved with "su" or "sudo"?

Post Reply