
Login command problem?

Posted: 2011/11/02 14:53:38
by romangoward
I'm trying to switch users with the "login" command under CentOS-5.4, CentOS-5.7, CentOS-6.0.
If I execute this command as root, the shell is terminated (ssh):

[quote][root@nebula ~]# login test
Connection to closed.[/quote]

If I log in to the system as a user:

[test@nebula ~]$ login test2
Login incorrect

Nov 2 22:09:25 nebula login: pam_unix(login:auth): authentication failure; logname=test uid=500 euid=500 tty=pts/0 ruser= rhost= user=test2
Nov 2 22:09:27 nebula login: FAILED LOGIN 1 FROM (null) FOR test2, Authentication failure

Hmm... under Debian/Ubuntu systems it works with "sudo".

Added users "test" & "test2" to the group "testo", and edited sudoers with the next step: %testo ALL=(ALL) ALL

One more shot:
[test@nebula ~]$ sudo login test2

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for test:
Connection to closed.

Nov 2 22:15:37 nebula sudo: test : TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/login test2
Nov 2 22:15:37 nebula sshd[2745]: Received disconnect from 11: disconnected by user
Nov 2 22:15:37 nebula login: pam_unix(login:auth): conversation failed
Nov 2 22:15:37 nebula login: pam_unix(login:auth): auth could not identify password for [test2]
Nov 2 22:15:37 nebula login: FAILED LOGIN 1 FROM (null) FOR test2, Authentication failure
Nov 2 22:15:37 nebula login: pam_securetty(login:auth): cannot determine username
Nov 2 22:15:37 nebula login: pam_unix(login:auth): bad username [(null)]
Nov 2 22:15:37 nebula login: pam_succeed_if(login:auth): error retrieving user name: Success
Nov 2 22:15:37 nebula login: FAILED LOGIN SESSION FROM (null) FOR (null), Error in service module
Nov 2 22:15:37 nebula sshd[2741]: pam_unix(sshd:session): session closed for user test

Well, another difference between 5.4 and 5.7/6.0 is the description in "man login":
For 5.4 it is:
[quote]login is used when signing onto a system. It can also be used to
switch from one user to another at any time (most modern shells have
support for this feature built into them, however).[/quote]

For 5.7/6.0 it is:
[quote]login is used when signing onto a system.[/quote]

My /etc/pam.d/* configs are in the default state.
Any ideas? Should it work?

PS. "su" works fine.
[quote][test@nebula ~]$ id
uid=500(test) gid=500(test) groups=500(test),502(testo) context=user_u:system_r:unconfined_t
[test@nebula ~]$ su test2
[test2@nebula test]$ id
uid=501(test2) gid=501(test2) groups=501(test2),502(testo) context=user_u:system_r:unconfined_t
[test2@nebula test]$ su root
[root@nebula test]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t
[root@nebula test]#[/quote]

Login command problem?

Posted: 2011/11/04 14:32:59
by pschaff
Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

What you are seeing appears to be the expected behavior. From "man login":
[code]
A recursive login, as used to be possible in the good old days, no
longer works; for most purposes su(1) is a satisfactory substitute.
Indeed, for security reasons, login does a vhangup() system call to
remove any possible listening processes on the tty. This is to avoid
password sniffing. If one uses the command "login", then the
surrounding shell gets killed by vhangup() because it’s no longer the
true owner of the tty. This can be avoided by using "exec login" in a
top-level shell or xterm.
[/code]

Is there some functionality you need that cannot be achieved with "su" or "sudo"?
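
An added example, not part of the thread or of any CentOS tooling: a short Python audit pass that picks out the two kinds of nested login(1) invocation visible in the first post's logs, the direct call and the one through sudo. The sample lines are copied from that post; the function names and the rule "a real uid other than 0 means login was started from a user session rather than by getty" are assumptions of this example.

```python
import re

# Sample lines copied from the log excerpts in the first post of this thread.
SAMPLE_LOG = """\
Nov 2 22:09:25 nebula login: pam_unix(login:auth): authentication failure; logname=test uid=500 euid=500 tty=pts/0 ruser= rhost= user=test2
Nov 2 22:09:27 nebula login: FAILED LOGIN 1 FROM (null) FOR test2, Authentication failure
Nov 2 22:15:37 nebula sudo: test : TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/login test2
Nov 2 22:15:37 nebula login: pam_unix(login:auth): conversation failed
Nov 2 22:15:37 nebula sshd[2741]: pam_unix(sshd:session): session closed for user test
"""

# pam_unix failure record written on behalf of the "login" PAM service.
PAM_FAIL = re.compile(
    r"login: pam_unix\(login:auth\): authentication failure; (?P<kv>.*)$")
# sudo audit record whose command is a login binary, with optional target user.
SUDO_LOGIN = re.compile(
    r"sudo:\s+(?P<src>\S+) : .*USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<cmd>\S*/login)(?: (?P<target>\S+))?$")

def parse_kv(text):
    """Turn 'logname=test uid=500 ruser= ...' into a dict; empty values are kept."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)

def nested_login_attempts(log_text):
    """Return one record per login(1) run started from an existing user session."""
    found = []
    for line in log_text.splitlines():
        m = PAM_FAIL.search(line)
        if m:
            kv = parse_kv(m.group("kv"))
            # Assumption: getty-spawned login runs with real uid 0, so a
            # non-zero uid marks a user typing "login" inside a session.
            if kv.get("uid", "0") != "0":
                found.append({"how": "direct", "from": kv.get("logname", ""),
                              "uid": int(kv["uid"]), "to": kv.get("user", ""),
                              "tty": kv.get("tty", "")})
            continue
        m = SUDO_LOGIN.search(line)
        if m:
            found.append({"how": "sudo", "from": m.group("src"),
                          "runas": m.group("runas"), "cmd": m.group("cmd"),
                          "to": m.group("target") or ""})
    return found

if __name__ == "__main__":
    for record in nested_login_attempts(SAMPLE_LOG):
        print(record)
```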