Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#45903 - [pam systemd] Disable obsolete pam_securetty.so

Attached to Project: Arch Linux
Opened by Kai Hendry (hendry) - Wednesday, 05 August 2015, 13:55 GMT
Last edited by David Runge (dvzrv) - Thursday, 21 November 2019, 18:43 GMT
Task Type General Gripe
Category Packages: Testing
Status Assigned
Assigned To Tobias Powalowski (tpowa)
Evangelos Foutras (foutrelis)
Dave Reisner (falconindy)
Christian Hesse (eworm)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 12
Private No

Details

Description: securetty hinders a root login from a host to a container. As I understand it, it's function is obsolete as argued by Lennart in https://github.com/systemd/systemd/issues/852#issuecomment-127759667


Additional info:
* 1.2.0-1


Steps to reproduce:

Login as root to a pacstrapped container.
This task depends upon

Comment by t-ask (tAsk) - Wednesday, 31 October 2018, 13:11 GMT
You can fix this by removing `/ect/securetty` from the container itself. Still the question persists if `securetty` is still needed nowadays.
Comment by Johannes Ernst (jernst) - Thursday, 10 October 2019, 07:31 GMT Comment by Daan De Meyer (DaanDeMeyer) - Monday, 11 November 2019, 17:58 GMT
Another vote for removing pam_securetty as the same was done by Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=1090639, https://bugzilla.redhat.com/show_bug.cgi?id=1090638). https://lists.fedoraproject.org/pipermail/devel/2014-April/197712.html goes into more detail into the reasoning behind the change. I think pam_securetty is the only thing left that's blocking seamless root login on pacstrapped containers which is tremendously convenient for containers used as development environments. Right now, when root login fails it's not trivial to figure out that the cause is pam_securetty.
Comment by Daan De Meyer (DaanDeMeyer) - Monday, 18 November 2019, 18:35 GMT
Relevant Debian bug report (who also removed /etc/securetty and are likely to disable pam_securetty as well): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731656
Comment by Christian Rebischke (Shibumi) - Thursday, 21 November 2019, 19:55 GMT
This issue can be fixed via adding "pts/n", (where n is an integer from 0 to 10) for example "pts/0", to your container.
Comment by Daan De Meyer (DaanDeMeyer) - Thursday, 21 November 2019, 20:19 GMT
That works but I'd prefer to be able to login without having to change each and every Arch container I ever pacstrap. Especially with other major distributions opting to remove /etc/securetty as well, it's not like we're breaking new ground here if we're just following Fedora and Debian (with several statements from Poettering in systemd github issues strongly discouraging the use of pam_securetty as well).
Comment by Daan De Meyer (DaanDeMeyer) - Thursday, 21 November 2019, 21:27 GMT

Loading...