[Bug 1567473] Comment bridged from LTC Bugzilla
bugproxy at us.ibm.com
Mon May 2 16:40:26 UTC 2016
------- Comment From thorsten.diehl at de.ibm.com 2016-05-02 12:32 EDT-------
While trying to verify this bug, I found the following issue:
I have three users: root, tsuser (member of group ts-shell) and test
tsuser at s8330003:/var/log/ts-shell$ groups tsuser test
tsuser : tsuser ts-shell
test at s8330003:/var/log/ts-shell$ groups test
test : test
The issue is: User tsuser is not allowed to write to /var/log/ts-shell
tsuser at s8330003:/var/log/ts-shell$ echo created_TS > /var/log/ts-shell/created_by_tsuser
-bash: /var/log/ts-shell/created_by_tsuser: Permission denied
This is caused by an improper permission setting during creation of the directory /var/log/ts-shell. mkdir -p 3770 /var/log/ts-shell creates a _directory_ 3770 (!) under /var/log and does NOT set the permissions. If I delete the 3770 and ts-shell directory and execute
mkdir -m 3770 /var/log/ts-shell
instead, it looks fine and works as expected. So this must be fixed in /var/lib/dpkg/info/s390-tools.postinst.
Reopening this bug.
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
s390-tools: missing ts-shell
Status in Ubuntu on IBM z Systems:
Status in s390-tools package in Ubuntu:
s390-tools: missing ts-shell
ts-shell is part of the s390-tools package (see here
ts-shell is a terminal server shell to authorize and control IUCV
terminal connections for individual Linux users. It is currently still
missing in the Ubuntu Beta version (4.4.0-15-generic #31-Ubuntu SMP
Fri Mar 18 19:07:12 UTC 2016 s390x).
The preferred integration of ts-shell is through a subpackage. The
ts-shell is required on a particular Linux instance only, that it is
the terminal server. Other Linux instances might not need to install
Apart from the installing ts-shell, further configuration files and
steps are required:
1. Install and package these configuration files:
2. Install additional documentation files for the ts-shell, that are included in the "iucvterm/doc/ts-shell" in the s390-tools source directory.
3. System configuration for ts-shell.
- (optional) Register ts-shell as shell by adding it to /etc/shells.
- Create a ts-shell group.
- Ensure the configuration files from 1. are readable by the ts-shell group.
- Create the /var/log/ts-shell directory to store audit logs; the ts-shell group should have read/write access to this directory, implemented as set-group-ID
4. Optional. The ts-shell subpackage must depend on s390-tools
because it requires iucvconn. Further, the subpackage should add a
Recommends to either Term::ReadLine::Gnu or Term::ReadLine::Perl.
Below is an excpert from the README.ts-shell to create ts-shell user
accounts. These information should help to better understand the
configuration steps above:
Setup considerations for the terminal server shell (ts-shell)
Adding new ts-shell users
The ts-shell installation creates a system group ts-shell.
If you intend to use ts-shell as a login shell for users, ensure that
these users are all members of ts-shell. To add existing users to
group ts-shell, use +usermod -G ts-shell 'username'+.
The ts-shell configuration files and `/var/log/ts-shell` are
readable only by members of the *ts-shell* group.
Enabling terminal session transcripts
ts-shell(1) can be configured to create transcripts of terminal sessions
to particular z/VM guest virtual machines. The transcripts are written
to log files in the `/var/log/ts-shell` directory.
NOTE: The `/var/log/ts-shell` directory permission has the
set-group-ID bit set. Sub-directories that are created by
different users will inherit the group ownership of the
See the ts-shell(1) manual page for more information about terminal
For further details, see http://public.dhe.ibm.com/software/dw/linux390/docu/l4n0ht01.pdf
To manage notifications about this bug go to:
More information about the foundations-bugs