Nils Olav Selaasdal wrote: > On Sun, 2002-08-11 at 15:06, James West wrote: > >> >>I'm having some trouble with getting certain services thar don't run as root, >>using pam. >> > > We usually make a new group, shadowreaders, and: > chgrp shadowreaders /etc/shadow > chmod g+r /etc/shadow > > and add the users to that group. Know what? That's exactly what I thought. However, in practice, it doesn't seem to work. I filed a bug in the Debian BTS, but I don't know what came of it ... when 'adduser' is run, the PAM libs update the shadow file by creating a new file and copying it over the old file, blowing away the original permissions. I even wrote a patch that I was unable to test - all I did was fstat the file and propogate the permissions. I assume this never made it upstream, but it is a worthy project for anyone who wants to spend 30 minutes to improve PAM. (I've already looked for it for longer than this, so I'll leave it to someone else who wants their name in lights...) Chris
