[Pkg-shadow-devel] Bug#190215: marked as forwarded ([TO CLOSE 20050524] login: su should log successful root logins with LOG_NOTICE, like login does)

Debian Bug Tracking System owner@bugs.debian.org
Tue, 24 May 2005 23:03:10 -0700 

Your message dated Wed, 25 May 2005 07:36:27 +0200
with message-id <20050525053627.GY20553@mykerinos.kheops.frmug.org>
has caused the Debian Bug report #190215,
regarding [TO CLOSE 20050524] login: su should log successful root logins with LOG_NOTICE, like login does
to be marked as having been forwarded to the upstream software
author(s) Tomasz Kłoczko <kloczek@zie.pg.gda.pl>.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------
Received: (at 190215-forwarded) by bugs.debian.org; 25 May 2005 05:54:21 +0000
>From bubulle@kheops.frmug.org Tue May 24 22:54:21 2005
Return-path: <bubulle@kheops.frmug.org>
Received: from onera.onera.fr [144.204.65.4] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DaoqS-0006Dm-00; Tue, 24 May 2005 22:54:21 -0700
Received: from cc-mykerinos.onera (localhost [127.0.0.1])
        by onera.onera.fr  with ESMTP id j4P5sJrI000882;
        Wed, 25 May 2005 07:54:19 +0200 (MEST)
Received: by mykerinos.kheops.frmug.org (Postfix, from userid 7426)
	id 4D4E2232A7; Wed, 25 May 2005 07:36:27 +0200 (CEST)
Date: Wed, 25 May 2005 07:36:27 +0200
From: Christian Perrier <bubulle@debian.org>
To: Tomasz =?utf-8?Q?K=C5=82oczko?= <kloczek@zie.pg.gda.pl>
Cc: 190215-forwarded@bugs.debian.org, 190215-submitter@bugs.debian.org
Subject: Re: Bug#190215: Bug probably no more relevant
Message-ID: <20050525053627.GY20553@mykerinos.kheops.frmug.org>
References: <20050524165908.GH20553@mykerinos.kheops.frmug.org> <1116965898.28222.57.camel@london.europe.localnet>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
In-Reply-To: <1116965898.28222.57.camel@london.europe.localnet>
User-Agent: Mutt/1.5.9i
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by onera.onera.fr id j4P5sJrI000882
Delivered-To: 190215-forwarded@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER,
	VALID_BTS_CONTROL autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

retitle 190215 login: su should log successful root logins with LOG_NOTIC=
E, like login does
tags 190215 confirmed
thanks

> > I think this is enough information and hence I propose closing this
> > bug report.
>=20
> It's not exactly what I was after.
>=20
> The pam log messages are of priority LOG_INFO and are generated
> regardless of the user that logs in. The login program issues an
> additional log message with (higher) priority LOG_NOTICE for root
> logins. I think this makes sense, because somebody logging in as root i=
s
> always a more "interesting" event than somebody logging in with a
> "normal" user name, and this justifies (IMHO) a log message with higher
> priority.
>=20
> It seems that not many people divide their logs by priority, but I, for
> example, do :-)

OK, I now get the point. You want something like this:

May 25 07:28:47 mykerinos login[12381]: =C9CHEC DE CONNEXION (1) sur=AB=A0=
pts/1=A0=BB POUR =AB=A0root=A0=BB, Authentication failure
May 25 07:28:51 mykerinos login[12381]: (pam_unix) session opened foruser=
 tintin by (uid=3D0)
May 25 07:29:01 mykerinos login[4210]: (pam_unix) session opened for user=
 root by LOGIN(uid=3D0)
May 25 07:29:01 mykerinos login[4210]: ROOT LOGIN  on `tty1'


The first and fourth entries are LOG_NOTICE entries direct from login
while the second and third are from pam_unix.

This seems a reasonable suggestion to me=A0: implement the same scheme
in su. Tomasz, comments=A0?

I think that unsuccessful root logins should also be logged the same way =
if
successful ones are, by the way..:)