Comment 0 for bug 1567473

Revision history for this message
bugproxy (bugproxy) wrote :

s390-tools: missing ts-shell

ts-shell is part of the s390-tools package (see here http://www.ibm.com/developerworks/linux/linux390/s390-tools-overview.html)

ts-shell is a terminal server shell to authorize and control IUCV terminal connections for individual Linux users. It is currently still missing in the Ubuntu Beta version (4.4.0-15-generic #31-Ubuntu SMP Fri Mar 18 19:07:12 UTC 2016 s390x).

The preferred integration of ts-shell is through a subpackage. The ts-shell is required on a particular Linux instance only, that it is the terminal server. Other Linux instances might not need to install ts-shell.

Apart from the installing ts-shell, further configuration files and steps are required:

1. Install and package these configuration files:

/etc/iucvterm/ts-audit-systems.conf
/etc/iucvterm/ts-authorization.conf
/etc/iucvterm/ts-shell.conf
/etc/iucvterm/unrestricted.conf

2. Install additional documentation files for the ts-shell, that are included in the "iucvterm/doc/ts-shell" in the s390-tools source directory.

3. System configuration for ts-shell.

- (optional) Register ts-shell as shell by adding it to /etc/shells.
- Create a ts-shell group.
- Ensure the configuration files from 1. are readable by the ts-shell group.
- Create the /var/log/ts-shell directory to store audit logs; the ts-shell group should have read/write access to this directory, implemented as set-group-ID

4. Optional. The ts-shell subpackage must depend on s390-tools because it requires iucvconn. Further, the subpackage should add a Recommends to either Term::ReadLine::Gnu or Term::ReadLine::Perl.

Below is an excpert from the README.ts-shell to create ts-shell user accounts. These information should help to better understand the configuration steps above:

Setup considerations for the terminal server shell (ts-shell)
-------------------------------------------------------------
Adding new ts-shell users
~~~~~~~~~~~~~~~~~~~~~~~~~
The ts-shell installation creates a system group ts-shell.
If you intend to use ts-shell as a login shell for users, ensure that
these users are all members of ts-shell. To add existing users to
group ts-shell, use +usermod -G ts-shell 'username'+.

The ts-shell configuration files and `/var/log/ts-shell` are
readable only by members of the *ts-shell* group.

Enabling terminal session transcripts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ts-shell(1) can be configured to create transcripts of terminal sessions
to particular z/VM guest virtual machines. The transcripts are written
to log files in the `/var/log/ts-shell` directory.

NOTE: The `/var/log/ts-shell` directory permission has the
        set-group-ID bit set. Sub-directories that are created by
        different users will inherit the group ownership of the
        `/var/log/ts-shell` directory.

See the ts-shell(1) manual page for more information about terminal
session transcripts.

For further details, see http://public.dhe.ibm.com/software/dw/linux390/docu/l4n0ht01.pdf