On Thu, 10.02.11 09:33, Miroslav Lichvar (mlichvar@xxxxxxxxxx) wrote: > > On Tue, Feb 08, 2011 at 06:16:29PM +0100, Lennart Poettering wrote: > > > The problem is it would require making screen setuid root which I do not > > > think it is too good idea. > > > > Well, I think the fear of making something SUID root is not reason > > enough not to make things technically correct. > > How about creating a helper similar to utempter? The PAM session hooks need to be run in the parent process before the session process is forked off and after it died. In the child another hook needs to be called before the session binary is exec()'ed. PAM requires this so that process parameters can be influenced by the PAM modules. That makes it impossible to do PAM session setup out-of-process. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
