On Sun, 2003-07-06 at 23:35, Ethan Benson wrote: > On Sun, Jul 06, 2003 at 09:25:15PM +0200, Troels Liebe Bentsen wrote: > > 3. pam_mkhomedir is called, the effective uid is still root, and the > > real uid is now the one of the users we su'ed to(eg. test). But since > > we on linux have fsuid/fsgid and this is used for filesystem access, > > this makes it imposible for us to create a directory under /home > > because is owned by root and set to 750. Sorry I was suppose to be 755.(as wrong i mail, correct on filesystem) > ^^^^^ > there is no security threat from /home being world readable anyway, > users should set perms on thier home directory to reflect the level of > privacy they desire. You are quite correct on all points and I do agree with them. But world-writable would not be a good idea as required by the current code. fsuid/fsgid is still set to the user we are su'ing to. And to make it possible to create a home directory ,would require world writable permissions on home. Kind Regards Troels Liebe Bentsen. _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
