[Bug 1567473] Comment bridged from LTC Bugzilla

bugproxy bugproxy at us.ibm.com
Mon May 2 16:40:26 UTC 2016

------- Comment From thorsten.diehl at de.ibm.com 2016-05-02 12:32 EDT-------
While trying to verify this bug, I found the following issue:

I have three users: root, tsuser (member of group ts-shell) and test

tsuser at s8330003:/var/log/ts-shell$ groups tsuser test
tsuser : tsuser ts-shell

test at s8330003:/var/log/ts-shell$ groups test
test : test

The issue is:  User tsuser is not allowed to write to /var/log/ts-shell

tsuser at s8330003:/var/log/ts-shell$ echo created_TS > /var/log/ts-shell/created_by_tsuser
-bash: /var/log/ts-shell/created_by_tsuser: Permission denied

This is caused by an improper permission setting during creation of the directory /var/log/ts-shell. mkdir -p 3770 /var/log/ts-shell creates a _directory_ 3770 (!) under /var/log and does NOT set the permissions. If I delete the 3770 and ts-shell directory and execute
mkdir -m 3770 /var/log/ts-shell
instead, it looks fine and works as expected. So this must be fixed in /var/lib/dpkg/info/s390-tools.postinst.

Reopening this bug.

You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.

  s390-tools: missing ts-shell

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in s390-tools package in Ubuntu:
  Fix Released

Bug description:
  s390-tools: missing ts-shell

  ts-shell is part of the s390-tools package (see here

  ts-shell is a terminal server shell to authorize and control IUCV
  terminal connections for individual Linux users. It is currently still
  missing in the Ubuntu Beta version (4.4.0-15-generic #31-Ubuntu SMP
  Fri Mar 18 19:07:12 UTC 2016 s390x).

  The preferred integration of ts-shell is through a subpackage.  The
  ts-shell is required on a particular Linux instance only, that it is
  the terminal server.  Other Linux instances might not need to install

  Apart from the installing ts-shell, further configuration files and
  steps are required:

  1. Install and package these configuration files:


  2. Install additional documentation files for the ts-shell, that are included in the "iucvterm/doc/ts-shell" in the s390-tools source directory.

  3. System configuration for ts-shell.

  - (optional) Register ts-shell as shell by adding it to /etc/shells.
  - Create a ts-shell group.
  - Ensure the configuration files from 1. are readable by the ts-shell group.
  - Create the /var/log/ts-shell directory to store audit logs; the ts-shell group should have read/write access to this directory, implemented as set-group-ID

  4. Optional.  The ts-shell subpackage must depend on s390-tools
  because it requires iucvconn. Further, the subpackage should add a
  Recommends to either Term::ReadLine::Gnu or Term::ReadLine::Perl.

  Below is an excpert from the README.ts-shell to create ts-shell user
  accounts.  These information should help to better understand the
  configuration steps above:

  Setup considerations for the terminal server shell (ts-shell)
  Adding new ts-shell users
  The ts-shell installation creates a system group ts-shell.
  If you intend to use ts-shell as a login shell for users, ensure that
  these users are all members of ts-shell.  To add existing users to
  group ts-shell, use +usermod -G ts-shell 'username'+.

  The ts-shell configuration files and `/var/log/ts-shell` are
  readable only by members of the *ts-shell* group.

  Enabling terminal session transcripts
  ts-shell(1) can be configured to create transcripts of terminal sessions
  to particular z/VM guest virtual machines. The transcripts are written
  to log files in the `/var/log/ts-shell` directory.

  NOTE:   The `/var/log/ts-shell` directory permission has the
          set-group-ID bit set. Sub-directories that are created by
          different users will inherit the group ownership of the
          `/var/log/ts-shell` directory.

  See the ts-shell(1) manual page for more information about terminal
  session transcripts.

  For further details, see http://public.dhe.ibm.com/software/dw/linux390/docu/l4n0ht01.pdf

To manage notifications about this bug go to:

More information about the foundations-bugs mailing list