There was no Session in Auditor Console seen for login user and found that permission of /dev/ptmx on machine missing 'write' permission. It's tested that adding 'w' back to permission fix the problem however would like to understand more about /dev/ptmx.
Reproduced the issue on testing machine, with changing the permission of ptmx (chmod o-w /dev/ptmx), we then get the following error message:
[root@rhel6_2 dev]# grep ptmx /var/log/centrifydc.log
Jan 12 16:27:31 rhel6_2 -bash: DEBUG: Unable to open /dev/ptmx, trying /dev/ptc
Jan 12 16:27:31 rhel6_2 -bash: ERROR: DirectAudit was unable to open either pty master /dev/ptmx or /dev/ptc, and is unable to continue with creation of subshell pty.Workaround:
Running the command below to add the 'write' permission:
chmod o+w /dev/ptmx
The question is:
What is ptmx? And why does Centrify Audit need write permission?Answer:
What is ptmx:
The file /dev/ptmx is a character file with major number 5 and minor number 2, usually of mode 0666 and owner.group of root.root.
It is used to create a pseudoterminal master and slave pair.
When a process opens /dev/ptmx, it gets a file descriptor for a pseudoterminal master (PTM), and a pseudoterminal slave (PTS) device is created in the /dev/pts directory.
Why do we need write permission:
In linux platform's the default permission of "/dev/ptmx" it has write permission to all. And DirectAudit requires write permission by the line "open("/dev/ptmx", O_RDWR)".
More info provided as courtesy:https://www.kernel.org/doc/Documentation/filesystems/devpts.txt