[Pkg-shadow-devel] Bug#190215: Bug probably no more relevant

Reinhard Müller <reinhard.mueller@bytewise.at>, 190215@bugs.debian.org
Tue, 24 May 2005 22:18:18 +0200



On Tuesday, 24.05.2005 at 18:59 +0200, Christian Perrier wrote:
> In Debian bug #190215, you mention:
>
> =======================================
> login logs a message to syslog (with severity LOG_NOTICE) when a
> successful root login occurs.
> This is a very good feature, and I think su should do the same.
> =======================================
>
> As su and login now use PAM, su to root triggers the following entry
> in logs (auth.log actually):
>
>
> May 24 18:54:41 mykerinos su[21364]: (pam_unix) authentication failure; logname= uid=7426 euid=0 tty=pts/10 ruser=bubulle rhost=  user=root
> May 24 18:54:43 mykerinos su[21364]: pam_authenticate: Authenticationfailure
> May 24 18:54:43 mykerinos su[21364]: - pts/10 bubulle:root
> May 24 18:54:47 mykerinos su[21365]: + pts/10 bubulle:root
> May 24 18:54:47 mykerinos su[21365]: (pam_unix) session opened for user root by (uid=7426)
>
> The first is an unsuccessful attempt, the latter a successful attempt.
>
> I think this is enough information and hence I propose closing this
> bug report.

It's not exactly what I was after.

The pam log messages are of priority LOG_INFO and are generated
regardless of the user that logs in. The login program issues an
additional log message with (higher) priority LOG_NOTICE for root
logins. I think this makes sense, because somebody logging in as root is
always a more "interesting" event than somebody logging in with a
"normal" user name, and this justifies (IMHO) a log message with higher
priority.

It seems that not many people divide their logs by priority, but I, for
example, do :-)

Thanks,
Reinhard
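
Added example, not part of the original message and not code from su or the shadow package: a log-side sketch of the priority split discussed above. It parses su's "+"/"-" result lines from the quoted auth.log excerpt and assigns LOG_NOTICE to a successful su to root and LOG_INFO to everything else. The names SuEvent, classify and root_notices are hypothetical, and leaving failed attempts at LOG_INFO is an assumption that follows the request in the bug report.

```python
import re
import syslog
from typing import NamedTuple, Optional

# Sample lines taken from the auth.log excerpt quoted in this message.
SAMPLE = """\
May 24 18:54:41 mykerinos su[21364]: (pam_unix) authentication failure; logname= uid=7426 euid=0 tty=pts/10 ruser=bubulle rhost=  user=root
May 24 18:54:43 mykerinos su[21364]: - pts/10 bubulle:root
May 24 18:54:47 mykerinos su[21365]: + pts/10 bubulle:root
May 24 18:54:47 mykerinos su[21365]: (pam_unix) session opened for user root by (uid=7426)
""".splitlines()

# su's own result line: "<+|-> <tty> <from_user>:<to_user>"
SU_RESULT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssu\[(?P<pid>\d+)\]:\s"
    r"(?P<sign>[+-])\s(?P<tty>\S+)\s(?P<src>[^:\s]+):(?P<dst>\S+)$"
)

class SuEvent(NamedTuple):
    timestamp: str
    tty: str
    src: str
    dst: str
    success: bool
    priority: int  # syslog priority this event should carry

def classify(line: str) -> Optional[SuEvent]:
    """Return an SuEvent for an su result line, or None for any other line."""
    m = SU_RESULT.match(line)
    if m is None:
        return None  # PAM module messages and unrelated lines are skipped
    ok = m["sign"] == "+"
    # Only a successful switch to root is raised above the default LOG_INFO.
    prio = syslog.LOG_NOTICE if ok and m["dst"] == "root" else syslog.LOG_INFO
    return SuEvent(m["ts"], m["tty"], m["src"], m["dst"], ok, prio)

def root_notices(lines):
    """Collect the events that belong in the higher-priority log."""
    events = (classify(line) for line in lines)
    return [e for e in events if e and e.priority == syslog.LOG_NOTICE]

if __name__ == "__main__":
    for e in root_notices(SAMPLE):
        print(f"NOTICE {e.timestamp} su to root by {e.src} on {e.tty}")
```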
