2016-04-07 14:20:27 |
bugproxy |
bug |
|
|
added bug |
2016-04-07 14:20:29 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-139838 severity-medium targetmilestone-inin1604 |
|
2016-04-07 14:20:30 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2016-04-07 14:31:51 |
Luciano Chavez |
affects |
ubuntu |
s390-tools (Ubuntu) |
|
2016-04-08 22:17:16 |
dann frazier |
bug task added |
|
ubuntu-z-systems |
|
2016-04-14 16:26:13 |
Dimitri John Ledkov |
s390-tools (Ubuntu): status |
New |
In Progress |
|
2016-04-14 16:26:15 |
Dimitri John Ledkov |
ubuntu-z-systems: status |
New |
In Progress |
|
2016-04-14 20:51:53 |
Launchpad Janitor |
s390-tools (Ubuntu): status |
In Progress |
Fix Released |
|
2016-04-14 22:51:41 |
Dimitri John Ledkov |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2016-04-26 02:57:40 |
dann frazier |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|
2016-05-02 17:19:49 |
Dimitri John Ledkov |
s390-tools (Ubuntu): status |
Fix Released |
Triaged |
|
2016-05-02 17:19:52 |
Dimitri John Ledkov |
s390-tools (Ubuntu): assignee |
Skipper Bug Screeners (skipper-screen-team) |
Dimitri John Ledkov (xnox) |
|
2016-05-02 17:19:54 |
Dimitri John Ledkov |
ubuntu-z-systems: status |
Fix Released |
Triaged |
|
2016-05-13 15:21:52 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
Medium |
|
2016-06-06 11:33:48 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Xenial |
|
2016-06-06 11:33:48 |
Dimitri John Ledkov |
bug task added |
|
s390-tools (Ubuntu Xenial) |
|
2016-06-06 12:00:32 |
Dimitri John Ledkov |
s390-tools (Ubuntu): status |
Triaged |
In Progress |
|
2016-06-06 12:00:36 |
Dimitri John Ledkov |
s390-tools (Ubuntu Xenial): status |
New |
In Progress |
|
2016-06-06 12:00:39 |
Dimitri John Ledkov |
s390-tools (Ubuntu): importance |
Undecided |
Medium |
|
2016-06-06 12:00:41 |
Dimitri John Ledkov |
s390-tools (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2016-06-06 12:12:36 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
In Progress |
|
2016-06-06 15:09:36 |
Launchpad Janitor |
s390-tools (Ubuntu): status |
In Progress |
Fix Released |
|
2016-06-07 11:29:38 |
Dimitri John Ledkov |
description |
s390-tools: missing ts-shell
ts-shell is part of the s390-tools package (see here http://www.ibm.com/developerworks/linux/linux390/s390-tools-overview.html)
ts-shell is a terminal server shell to authorize and control IUCV terminal connections for individual Linux users. It is currently still missing in the Ubuntu Beta version (4.4.0-15-generic #31-Ubuntu SMP Fri Mar 18 19:07:12 UTC 2016 s390x).
The preferred integration of ts-shell is through a subpackage. The ts-shell is required on a particular Linux instance only, that it is the terminal server. Other Linux instances might not need to install ts-shell.
Apart from the installing ts-shell, further configuration files and steps are required:
1. Install and package these configuration files:
/etc/iucvterm/ts-audit-systems.conf
/etc/iucvterm/ts-authorization.conf
/etc/iucvterm/ts-shell.conf
/etc/iucvterm/unrestricted.conf
2. Install additional documentation files for the ts-shell, that are included in the "iucvterm/doc/ts-shell" in the s390-tools source directory.
3. System configuration for ts-shell.
- (optional) Register ts-shell as shell by adding it to /etc/shells.
- Create a ts-shell group.
- Ensure the configuration files from 1. are readable by the ts-shell group.
- Create the /var/log/ts-shell directory to store audit logs; the ts-shell group should have read/write access to this directory, implemented as set-group-ID
4. Optional. The ts-shell subpackage must depend on s390-tools because it requires iucvconn. Further, the subpackage should add a Recommends to either Term::ReadLine::Gnu or Term::ReadLine::Perl.
Below is an excpert from the README.ts-shell to create ts-shell user accounts. These information should help to better understand the configuration steps above:
Setup considerations for the terminal server shell (ts-shell)
-------------------------------------------------------------
Adding new ts-shell users
~~~~~~~~~~~~~~~~~~~~~~~~~
The ts-shell installation creates a system group ts-shell.
If you intend to use ts-shell as a login shell for users, ensure that
these users are all members of ts-shell. To add existing users to
group ts-shell, use +usermod -G ts-shell 'username'+.
The ts-shell configuration files and `/var/log/ts-shell` are
readable only by members of the *ts-shell* group.
Enabling terminal session transcripts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ts-shell(1) can be configured to create transcripts of terminal sessions
to particular z/VM guest virtual machines. The transcripts are written
to log files in the `/var/log/ts-shell` directory.
NOTE: The `/var/log/ts-shell` directory permission has the
set-group-ID bit set. Sub-directories that are created by
different users will inherit the group ownership of the
`/var/log/ts-shell` directory.
See the ts-shell(1) manual page for more information about terminal
session transcripts.
For further details, see http://public.dhe.ibm.com/software/dw/linux390/docu/l4n0ht01.pdf |
[Impact]
* /var/log/ts-shell has wrong permissions, and thus prevents ts-shell operation.
[Test Case]
* /var/log/ts-shell should be:
drwxrws--T 2 root ts-shell
==
s390-tools: missing ts-shell
ts-shell is part of the s390-tools package (see here http://www.ibm.com/developerworks/linux/linux390/s390-tools-overview.html)
ts-shell is a terminal server shell to authorize and control IUCV terminal connections for individual Linux users. It is currently still missing in the Ubuntu Beta version (4.4.0-15-generic #31-Ubuntu SMP Fri Mar 18 19:07:12 UTC 2016 s390x).
The preferred integration of ts-shell is through a subpackage. The ts-shell is required on a particular Linux instance only, that it is the terminal server. Other Linux instances might not need to install ts-shell.
Apart from the installing ts-shell, further configuration files and steps are required:
1. Install and package these configuration files:
/etc/iucvterm/ts-audit-systems.conf
/etc/iucvterm/ts-authorization.conf
/etc/iucvterm/ts-shell.conf
/etc/iucvterm/unrestricted.conf
2. Install additional documentation files for the ts-shell, that are included in the "iucvterm/doc/ts-shell" in the s390-tools source directory.
3. System configuration for ts-shell.
- (optional) Register ts-shell as shell by adding it to /etc/shells.
- Create a ts-shell group.
- Ensure the configuration files from 1. are readable by the ts-shell group.
- Create the /var/log/ts-shell directory to store audit logs; the ts-shell group should have read/write access to this directory, implemented as set-group-ID
4. Optional. The ts-shell subpackage must depend on s390-tools because it requires iucvconn. Further, the subpackage should add a Recommends to either Term::ReadLine::Gnu or Term::ReadLine::Perl.
Below is an excpert from the README.ts-shell to create ts-shell user accounts. These information should help to better understand the configuration steps above:
Setup considerations for the terminal server shell (ts-shell)
-------------------------------------------------------------
Adding new ts-shell users
~~~~~~~~~~~~~~~~~~~~~~~~~
The ts-shell installation creates a system group ts-shell.
If you intend to use ts-shell as a login shell for users, ensure that
these users are all members of ts-shell. To add existing users to
group ts-shell, use +usermod -G ts-shell 'username'+.
The ts-shell configuration files and `/var/log/ts-shell` are
readable only by members of the *ts-shell* group.
Enabling terminal session transcripts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ts-shell(1) can be configured to create transcripts of terminal sessions
to particular z/VM guest virtual machines. The transcripts are written
to log files in the `/var/log/ts-shell` directory.
NOTE: The `/var/log/ts-shell` directory permission has the
set-group-ID bit set. Sub-directories that are created by
different users will inherit the group ownership of the
`/var/log/ts-shell` directory.
See the ts-shell(1) manual page for more information about terminal
session transcripts.
For further details, see http://public.dhe.ibm.com/software/dw/linux390/docu/l4n0ht01.pdf |
|
2016-06-09 17:48:48 |
Brian Murray |
s390-tools (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2016-06-09 17:48:50 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2016-06-09 17:48:52 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2016-06-09 17:48:55 |
Brian Murray |
tags |
architecture-s39064 bugnameltc-139838 severity-medium targetmilestone-inin1604 |
architecture-s39064 bugnameltc-139838 severity-medium targetmilestone-inin1604 verification-needed |
|
2016-06-09 18:13:43 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2016-06-17 22:42:34 |
Paul Novák |
bug |
|
|
added subscriber Paul Novák |
2016-06-24 12:27:36 |
Dimitri John Ledkov |
tags |
architecture-s39064 bugnameltc-139838 severity-medium targetmilestone-inin1604 verification-needed |
architecture-s39064 bugnameltc-139838 severity-medium targetmilestone-inin1604 verification-done |
|
2016-06-28 07:24:57 |
Launchpad Janitor |
s390-tools (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2016-06-28 07:25:08 |
Martin Pitt |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2016-06-28 07:36:21 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|