Fair enough. Call setreuid() to swap ui and euid, create the credentials file, switch uid/euid back. I can see that renaming files in /tmp in such a situation can be problematic. But What's the problem with chowning a file in /tmp when it's being chowned by the same process that created it and the process is running as root and that file will never be used by root? Thanks, Nico On Mon, Aug 14, 2000 at 03:53:53PM -0400, Marc Horowitz wrote: > A nit: credentials should never be chown'd, and renaming is also not a > good idea. They should be created *as* the user. Otherwise, you can > get into trouble with interactions with sticky bits, race conditions, > quotas, permission mapping, or a number of other unix subtleties which > all vanish when you just call creat() as the user who owns the > tickets. > > Hopefully, it isn't an inherent property of PAM that you need to use > chown. > > Marc --
