tlog
tlog copied to clipboard
tlog-rec-session does not create an utmp entry, leading the “who am i” command to fail
tlog-rec-session allocates a new pseudo-terminal for the recorded user session. Since the who command searches for an entry corresponding the current terminal in the run/utmp
file, that search always fails. For example, in my test system I have user newuser:
# getent passwd user newuser
newuser:x:1001:1001::/home/newuser:/usr/bin/tlog-rec-session
So a newuser session becomes
[root@rhel-8-1 tmp]# tty
/dev/pts/0
[root@rhel-8-1 ~]# su - newuser
Locale charset is ANSI_X3.4-1968 (ASCII)
Assuming locale environment is lost and charset is UTF-8
ATTENTION! Your session is being recorded!
[newuser@rhel-8-1 ~]$ id
uid=1001(newuser) gid=1001(newuser) groups=1001(newuser) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[newuser@rhel-8-1 ~]$ tty
/dev/pts/1
[newuser@rhel-8-1 ~]$ ps aufwww|head -n 6
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 8947 0.0 0.2 26712 5224 pts/0 Ss 17:57 0:00 -bash
root 9356 0.0 0.5 187336 10648 pts/0 S+ 18:08 0:00 \_ su - newuser
tlog 9357 0.0 0.4 121780 7488 pts/0 S+ 18:08 0:00 \_ -tlog-rec-session
newuser 9358 0.0 0.2 24564 5208 pts/1 Ss 18:08 0:00 \_ -bash
newuser 9436 0.0 0.2 57180 3964 pts/1 R+ 18:11 0:00 \_ ps aufwww
[newuser@rhel-8-1 ~]$ who am i
[newuser@rhel-8-1 ~]$
The solution requires modifying tlog-rec-session
to add an entry in the utmp file so the heuristics used by the who command succeeds.