pam_mkhomedir doesn't work for su?

On Tue, Aug 06, 2002 at 10:14:54PM -0700, Chen Min wrote:
>  Here is what I did
>
>  After add a line to pam_mkhomedir.c
>
>   _log_err(LOG_DEBUG," current uid is %s(%d)\n",pwd->pw_name,pwd->pw_uid);
>    if (mkdir(pwd->pw_dir,0700) != 0)
>    {
>      perror("create directory error");
>       free(remark);
>       _log_err(LOG_DEBUG, "unable to create home directory %s",pwd->pw_dir);
>       return PAM_PERM_DENIED;
>    }
>
>    Then I got:
>    		# su ppp
> 		Creating home directory '/home/ppp'.
> 		create directory error: Permission denied
>    Check syslog
> 		Aug  6 21:53:52 Whisper PAM-mkhomedir[11266]: current uid is ppp(545)
> 		Aug  6 21:53:52 Whisper PAM-mkhomedir[11266]: unable to create home directory /home/ppp
> 		Aug  6 21:53:52 Whisper su(pam_unix)[11266]:  session opened for user ppp by ppp(uid=0)
>
>    That means current user is ppp before mkdir , run shell mkdir under /home
> directory, of course, got same message: permission denied. Then  #chmod 777
> home, #su ppp , the /home/ppp is created without any problem, so far

777 /home is not a good solution.

> anything make sense to me. But look this: when I use ssh to login ppp,
> syslog says:
>             Aug  6 22:03:13 Whisper PAM-mkhomedir[11280]:  current uid is ppp(545)
>    After that, I found /home/ppp was created successfully! I thought su had
> problem, but now I am wondering how come ssh login  succeed! Any idea?

because ssh (without privsep) runs the pam session with euid=0, you're
not printing the euid.  it would seem that su runs the session without
root privileges (as does ssh with privsep).

nothing in the pam docs justifies the assumption that pam_session is
run as root so there is no bug here except in pam_mkhomedir for
assuming this.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
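
The point of the reply above, as an added example (not code from pam_mkhomedir or from this thread): log the real and effective uid next to the target account, and test the parent directory's mode bits against the effective uid that mkdir() will actually run with. can_create_in and format_ids are hypothetical helpers; supplementary groups, ACLs and capabilities are ignored.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: may a process with this effective uid/gid create an
 * entry in the directory described by *parent? Only the classic mode bits
 * are checked (assumption: no ACLs, capabilities or supplementary groups). */
int can_create_in(uid_t euid, gid_t egid, const struct stat *parent)
{
    mode_t have;

    if (euid == 0)
        return 1;                        /* euid 0 normally bypasses mode bits */
    if (!S_ISDIR(parent->st_mode))
        return 0;
    if (euid == parent->st_uid)
        have = (parent->st_mode >> 6) & 7;   /* owner class */
    else if (egid == parent->st_gid)
        have = (parent->st_mode >> 3) & 7;   /* group class */
    else
        have = parent->st_mode & 7;          /* other class */
    return (have & 3) == 3;              /* needs write and search (w+x) */
}

/* Hypothetical helper: build a debug line that shows the target account
 * together with the credentials the module is running under. */
int format_ids(char *buf, size_t len, const char *name, uid_t target,
               uid_t ruid, uid_t euid)
{
    return snprintf(buf, len, "target %s(%lu) ruid=%lu euid=%lu",
                    name, (unsigned long)target,
                    (unsigned long)ruid, (unsigned long)euid);
}

int main(void)
{
    struct stat st;
    char line[128];

    if (stat("/home", &st) != 0) { perror("stat /home"); return 1; }
    /* "ppp" and 545 are the sample account from the thread. */
    format_ids(line, sizeof line, "ppp", 545, getuid(), geteuid());
    printf("%s -> mkdir under /home %s\n", line,
           can_create_in(geteuid(), getegid(), &st) ? "allowed" : "denied");
    return 0;
}
```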
