Re: Pam and chrooted bind9 zone transfer problem


 



Solar Designer wrote:

> On Wed, Feb 26, 2003 at 12:37:48PM -0500, Lia Treffman wrote:
>
> > Hi,
> >
> > I'm pretty new to linux (saw my first linux box last November). I have set up master and slave DNS servers which have bind9 chrooted into a directory called "named" owned by user "named."
>
> This is not PAM-related (and I'm unsure if your problem is), but
> making the new fs root directory owned by a non-root user is a
> security hole. You don't buy any security by setting up a chroot jail
> like that, but rather you introduce a named -> root security hole.
>
> If a library would refuse to work in such a setup, I'd view that as an
> advantage.


I have used PAM to disallow ssh or su -> root. This is why I think it may be PAM related.

Thanks,
Lia




_______________________________________________

Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
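
An added example, not part of the original messages: a shell check for the condition Solar Designer describes, flagging a chroot top directory that is not owned by root. It goes slightly beyond the message by also flagging group or world write permission on that directory; the function names and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the top directory of a chroot jail.
# Usage (path is whatever directory the daemon chroots into):
#   sh check_jail.sh /path/to/jail

# Decide from an owner uid and an octal mode (as printed by GNU
# `stat -c %a`) whether a jail root is acceptable. Prints one line
# per finding and returns 1 if there is any finding, 0 otherwise.
jail_root_findings() {
    uid=$1
    mode=$2
    rc=0
    if [ "$uid" -ne 0 ]; then
        echo "owner uid $uid is not root"
        rc=1
    fi
    # 022 masks the group-write and other-write bits; the leading 0
    # makes the shell read the mode as an octal constant.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "mode $mode is group- or world-writable"
        rc=1
    fi
    return $rc
}

# Inspect a real directory. Returns 0 if clean, 1 on findings,
# 2 if the path cannot be examined.
check_chroot_root() {
    dir=$1
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "$dir: not a real directory"
        return 2
    fi
    info=$(stat -c '%u %a' "$dir") || return 2
    # info is "<uid> <mode>"; split it on the single space.
    jail_root_findings "${info% *}" "${info#* }"
}

if [ $# -gt 0 ]; then
    check_chroot_root "$1"
fi
```
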
