Debian Bug report logs - #659878
cannot set terminal process group (-1): Inappropriate ioctl for device

version graph

Package: login; Maintainer for login is Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>; Source for login is src:shadow.

Reported by: jidanni@jidanni.org

Date: Tue, 14 Feb 2012 13:39:02 UTC

Severity: grave

Tags: help

Merged with 663200

Found in version shadow/1:4.1.5-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package passwd. (Tue, 14 Feb 2012 13:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to jidanni@jidanni.org:
New Bug report received and forwarded. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Tue, 14 Feb 2012 13:39:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: jidanni@jidanni.org
To: submit@bugs.debian.org
Subject: cannot set terminal process group (-1): Inappropriate ioctl for device
Date: Tue, 14 Feb 2012 20:45:18 +0800
Package: passwd
Version: 1:4.1.5-1

Broke sux. Su still OK.
$ sux
Password:
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
# exit
exit
$ su
Password:
#




Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package passwd. (Tue, 14 Feb 2012 23:33:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nicolas François <nicolas.francois@centraliens.net>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Tue, 14 Feb 2012 23:33:11 GMT) Full text and rfc822 format available.

Message #10 received at 659878@bugs.debian.org (full text, mbox):

From: Nicolas François <nicolas.francois@centraliens.net>
To: jidanni@jidanni.org, 659878@bugs.debian.org
Subject: Re: [Pkg-shadow-devel] Bug#659878: cannot set terminal process group (-1): Inappropriate ioctl for device
Date: Wed, 15 Feb 2012 00:27:55 +0100
Hello,

On Tue, Feb 14, 2012 at 08:45:18PM +0800, jidanni@jidanni.org wrote:
> 
> Broke sux. Su still OK.
> $ sux
> Password:
> bash: cannot set terminal process group (-1): Inappropriate ioctl for device
> bash: no job control in this shell
> # exit

This might be due to the fix for CVE-2005-4890
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843

This needs to be investigated further (in particular to check what sux is
doing, and whether this could be fixed on the sux side).
(The fix removes the controlling terminal for non-interactive executions)

-- 
Nekral




Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package passwd. (Wed, 15 Feb 2012 00:03:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to jidanni@jidanni.org:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Wed, 15 Feb 2012 00:03:07 GMT) Full text and rfc822 format available.

Message #15 received at 659878@bugs.debian.org (full text, mbox):

From: jidanni@jidanni.org
To: smcv@debian.org
Cc: 633652@bugs.debian.org,nicolas.francois@centraliens.net,659878@bugs.debian.org,sux@packages.debian.org
Subject: sux now broken by 659878
Date: Wed, 15 Feb 2012 08:01:13 +0800
Dear 633652, sux now sux due to 659878.




Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package passwd. (Wed, 22 Feb 2012 08:09:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to Reinhard Karcher <reinhard.karcher@gmx.net>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Wed, 22 Feb 2012 08:09:12 GMT) Full text and rfc822 format available.

Message #20 received at 659878@bugs.debian.org (full text, mbox):

From: Reinhard Karcher <reinhard.karcher@gmx.net>
To: 659878@bugs.debian.org
Subject: cannot set terminal process group (-1): Inappropriate ioctl for device, problems also with su
Date: Wed, 22 Feb 2012 09:07:36 +0100
su is also not without problems. The command su - -c bash returns the 
same error message. The german message translate to the message in the 
bug report.

reinhard@apollon:~$ su - -c bash
Passwort:
bash: Kann die Prozessgruppe des Terminals nicht setzen (-1).: 
Unpassender IOCTL (I/O-Control) für das Gerät
bash: Keine Job Steuerung in dieser Shell.

Reinhard





Bug reassigned from package 'passwd' to 'login'. Request was from Nicolas François <nicolas.francois@centraliens.net> to control@bugs.debian.org. (Sun, 20 May 2012 11:06:04 GMT) Full text and rfc822 format available.

No longer marked as found in versions shadow/1:4.1.5-1. Request was from Nicolas François <nicolas.francois@centraliens.net> to control@bugs.debian.org. (Sun, 20 May 2012 11:06:05 GMT) Full text and rfc822 format available.

Marked as found in versions shadow/1:4.1.5-1. Request was from Nicolas François <nicolas.francois@centraliens.net> to control@bugs.debian.org. (Sun, 20 May 2012 11:06:05 GMT) Full text and rfc822 format available.

Merged 659878 663200 Request was from Nicolas François <nicolas.francois@centraliens.net> to control@bugs.debian.org. (Sun, 20 May 2012 11:06:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package login. (Mon, 21 May 2012 21:15:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nicolas François <nicolas.francois@centraliens.net>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Mon, 21 May 2012 21:15:14 GMT) Full text and rfc822 format available.

Message #33 received at 659878@bugs.debian.org (full text, mbox):

From: Nicolas François <nicolas.francois@centraliens.net>
To: jidanni@jidanni.org, 659878@bugs.debian.org
Subject: Re: Bug#659878: cannot set terminal process group (-1): Inappropriate ioctl for device
Date: Mon, 21 May 2012 23:10:37 +0200
tags 659878 help
thanks

Hello,

I currently can't find any idea how to fix this issue.

The security issue had to be solved by dropping the controlling terminal,
so you cannot start a command that would interact with the current
terminal.
I don't have enough terminal handling skills to find other way to fix the
security issue than by dropping the terminal.

An option could be to keep the controlling terminal when su-ing to root.
The issue would be less visible in sux (probably used mostly to gain root
privileges), but even if the risk when su'ing to root is lower, it does not
smell good.

Alternative on the sux side would be to create a terminal when an
interactive command is started (e.g. starting an xterm in sux should work)

Best Regards,
-- 
Nekral




Added tag(s) help. Request was from Nicolas François <nicolas.francois@centraliens.net> to control@bugs.debian.org. (Mon, 21 May 2012 21:15:22 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package login. (Thu, 31 May 2012 12:57:16 GMT) Full text and rfc822 format available.

Acknowledgement sent to jidanni@jidanni.org:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Thu, 31 May 2012 12:57:29 GMT) Full text and rfc822 format available.

Message #40 received at 659878@bugs.debian.org (full text, mbox):

From: jidanni@jidanni.org
To: nicolas.francois@centraliens.net
Cc: 659878@bugs.debian.org
Subject: Re: Bug#659878: cannot set terminal process group (-1): Inappropriate ioctl for device
Date: Thu, 31 May 2012 20:55:25 +0800
(Bug #633652 is no longer bothering me, I just only get warnings. So I
went back to using su instead of sux.)




Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package login. (Sun, 02 Sep 2012 10:06:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Francois Gouget <fgouget@free.fr>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Sun, 02 Sep 2012 10:06:13 GMT) Full text and rfc822 format available.

Message #45 received at 659878@bugs.debian.org (full text, mbox):

From: Francois Gouget <fgouget@free.fr>
To: 659878@bugs.debian.org
Subject: Re: cannot set terminal process group (-1): Inappropriate ioctl for device
Date: Sun, 2 Sep 2012 12:05:17 +0200 (CEST)
[Message part 1 (text/plain, inline)]
Nicolas François wrote:
> An option could be to keep the controlling terminal when su-ing to 
> root. The issue would be less visible in sux (probably used mostly to 
> gain root privileges), but even if the risk when su'ing to root is 
> lower

I almost exclusively use sux to get access to two other non-root 
accounts I normally use.


> Alternative on the sux side would be to create a terminal when an 
> interactive command is started (e.g. starting an xterm in sux should 
> work)

That would really suck. Besides the fact that the user may want to use 
any number of terminal emulators besides xterm, it would make it 
impossible to have two Gnome-Terminal tabs for two different accounts.

Plus the main issue is that currently "su -c" breaks the shell's job 
control (bug #663200). That's an su bug and no amount of hacking in sux 
can fix that.

-- 
Francois Gouget <fgouget@free.fr>              http://fgouget.free.fr/
                      Computers are like airconditioners
                They stop working properly if you open WINDOWS

Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package login. (Fri, 14 Dec 2012 11:27:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aleksandar Kostadinov <akostadinov@gmail.com>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Fri, 14 Dec 2012 11:27:06 GMT) Full text and rfc822 format available.

Message #50 received at 659878@bugs.debian.org (full text, mbox):

From: Aleksandar Kostadinov <akostadinov@gmail.com>
To: 659878@bugs.debian.org
Subject: quick workaround
Date: Fri, 14 Dec 2012 13:25:13 +0200
[Message part 1 (text/plain, inline)]
FYI, somehow inconvenient if you have large number of users but this is a
workaround:

1. replace last two lines of sux executable bash script with:
TERM="$TERM export $sux_xauthority $sux_term DISPLAY='$DISPLAY'"
exec su $sux_su_opts

2. put this as first line of ~user/.bash_profile
[[ "$TERM" == *xauth* ]] && eval "$TERM"

Make sure to avoid sux-ing into non-modified users to not expose your
cookies in environment

Btw "su -" has X11 working by default on fedora 18, not sure how. not same
for regular users though.
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package login. (Thu, 07 Feb 2013 21:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moo Lambda <lambda165@gmail.com>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Thu, 07 Feb 2013 21:48:04 GMT) Full text and rfc822 format available.

Message #55 received at 659878@bugs.debian.org (full text, mbox):

From: Moo Lambda <lambda165@gmail.com>
To: 659878@bugs.debian.org
Subject: su - does not work in wheezy.
Date: Thu, 7 Feb 2013 15:44:59 -0600
[Message part 1 (text/plain, inline)]
Now "su - " does not work to open x applications on wheezy.  Should I
switch to fedora?
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package login. (Fri, 08 Feb 2013 07:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to 659878@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Fri, 08 Feb 2013 07:51:03 GMT) Full text and rfc822 format available.

Message #60 received at 659878@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: Moo Lambda <lambda165@gmail.com>, 659878@bugs.debian.org
Subject: Re: [Pkg-shadow-devel] Bug#659878: su - does not work in wheezy.
Date: Fri, 8 Feb 2013 07:12:26 +0100
[Message part 1 (text/plain, inline)]
Quoting Moo Lambda (lambda165@gmail.com):
> Now "su - " does not work to open x applications on wheezy.  Should I
> switch to fedora?

Do what you want....but please be more specific.

Indeed, shadow hasn't changed in wheezy for months, if not years. So,
the problem is very likely to be something else.

Also, "does not work" is not a very detailed bug report. We may need
more information.


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package login. (Fri, 08 Feb 2013 08:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Gattin <xrgtn@yandex.ru>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Fri, 08 Feb 2013 08:21:03 GMT) Full text and rfc822 format available.

Message #65 received at 659878@bugs.debian.org (full text, mbox):

From: Alexander Gattin <xrgtn@yandex.ru>
To: 659878@bugs.debian.org
Cc: Moo Lambda <lambda165@gmail.com>
Subject: Re: [Pkg-shadow-devel] Bug#659878: Bug#659878: su - does not work in wheezy.
Date: Fri, 8 Feb 2013 10:18:24 +0200
[Message part 1 (text/plain, inline)]
Hello,

On Fri, Feb 08, 2013 at 07:12:26AM +0100,
Christian PERRIER wrote:
> Quoting Moo Lambda (lambda165@gmail.com):
> > Now "su - " does not work to open x
> > applications on wheezy.  Should I switch to
> > fedora?

IIRC in RH/Fedora/CentOS/SLX this is handled
by smth like pam-xauth module, which is installed
and activated by default there.

> Also, "does not work" is not a very detailed bug
> report. We may need more information.

I never tried pam_xauth in Debian, but most
probably it will work with our shadow (so this is
really PAM configuration issue, not shadow's bug
IMHO).

-- 
With best regards,
xrgtn
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#659878; Package login. (Fri, 08 Feb 2013 18:39:06 GMT) Full text and rfc822 format available.

Message #68 received at 659878@bugs.debian.org (full text, mbox):

From: Bob Proulx <bob@proulx.com>
To: 659878@bugs.debian.org
Cc: Moo Lambda <lambda165@gmail.com>
Subject: Re: Bug#659878: [Pkg-shadow-devel] Bug#659878: Bug#659878: su - does not work in wheezy.
Date: Fri, 8 Feb 2013 11:37:19 -0700
[Message part 1 (text/plain, inline)]
Alexander Gattin wrote:
> Christian PERRIER wrote:
> > Moo Lambda wrote:
> > > Now "su - " does not work to open x applications on wheezy.
> > > Should I switch to fedora?

I don't see how this is related to the bug ticket "cannot set terminal
process group (-1): Inappropriate ioctl for device".  It should be in
a separate ticket.

> IIRC in RH/Fedora/CentOS/SLX this is handled
> by smth like pam-xauth module, which is installed
> and activated by default there.
> 
> > Also, "does not work" is not a very detailed bug
> > report. We may need more information.
> 
> I never tried pam_xauth in Debian, but most
> probably it will work with our shadow (so this is
> really PAM configuration issue, not shadow's bug
> IMHO).

"su -" works for me.  Almost assuredly this related to the XAUTHORITY
environment variable.  But also almost assuredly it is affected by the
choice of session manager because various session managers mess with
that variable.

  rwp@example:~$ printenv XAUTHORITY
  /home/rwp/.Xauthority
  rwp@example:~$ su -
  Password: 
  root@example:~# printenv XAUTHORITY
  /home/rwp/.Xauthority

Works.  Can open X window applications.  But for example if that were
an NFS mounted home directory with restricted permissions then root
would have no permission to access that file and "it would not work"
and would not be able to open an X application.

Bob
[signature.asc (application/pgp-signature, inline)]

Severity set to 'grave' from 'normal' Request was from Tim Connors <reportbug@rather.puzzling.org> to control@bugs.debian.org. (Fri, 10 May 2013 05:57:08 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 13:20:25 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.