Hi Mike, On Fri, Apr 04, 2003 at 01:50:15PM -0500, mike@xxxxxxxx wrote: > I am the maintainer of the pam_mount module, which allows volumes to be mounted > when a user logs on and unmounted when he logs off. > What is the proper behavior (if there is one) of PAM-enabled applications when a > user logs off? Should pam_sm_close_session-related code be run with a uid or > euid of 0? > Here is what I have come across: > The su included in the version of Debian I use maintains its euid of 0 after > forking and execing a shell. This results in pam_sm_close_session code being > executed with a euid of 0. > The login included in the version of Debian I use drops its priveleges, > resulting in pam_sm_close_session code being executed as some user (much > different behavior than su). > The (broken) su included in openpam (FreeBSD, etc.) drops all priveleges before > forking and execing a shell, resulting in pam_sm_close_session code executing as > some user. > Obviously I am seeing several different behaviors. Is one proper? Certainly, > for my purposes I hope that pam_sm_close_session code should be run with an euid > of 0. Though I think the spec is a little lean on such details, I believe close_session() is one of the calls that should be run with "maximum available permissions" (not always euid 0). ISTR someone saying that Debian's /bin/login lets you configure the permissions-dropping behavior via /etc/login.defs, btw. I'm inclined to consider the current default behavior a bug in the package. Regards, -- Steve Langasek postmodern programmer
Attachment:
pgp00078.pgp
Description: PGP signature
