On Sun, 2003-07-06 at 18:27, Ethan Benson wrote:
> On Mon, Jul 07, 2003 at 12:04:33AM +0200, Troels Liebe Bentsen wrote:
> > On Sun, 2003-07-06 at 23:35, Ethan Benson wrote:
> > > On Sun, Jul 06, 2003 at 09:25:15PM +0200, Troels Liebe Bentsen wrote:
> > > > 3. pam_mkhomedir is called, the effective uid is still root, and the
> > > > real uid is now the one of the users we su'ed to (e.g. test). But since
> > > > we on linux have fsuid/fsgid and this is used for filesystem access,
> > > > this makes it impossible for us to create a directory under /home
> > > > because it is owned by root and set to 750.
> >
> > Sorry, it was supposed to be 755. (Was wrong in mail, correct on filesystem.)
> > > ^^^^^
> >
> > > there is no security threat from /home being world readable anyway,
> > > users should set perms on their home directory to reflect the level of
> > > privacy they desire.
> > You are quite correct on all points and I do agree with them.
> >
> > But world-writable would not be a good idea as required by the current
>
> i said world readable not world writable.
>
> > code. fsuid/fsgid is still set to the user we are su'ing to. And to make
> > it possible to create a home directory, would require world writable
> > permissions on home.
>
> i really think this is a configuration problem, a great many people
> have used this module without problems.

I've had the same problem as Troels. It really appears that the problems depend on what user the pam_mkhomedir module is run as. For instance, it works fine with older versions of sshd without privilege separation where it runs as root, but it fails under the newer sshd with priv_sep, and it appears that pam_mkhomedir is being run as the user instead of root. If I am correct about this, then it makes sense that the pam_mkhomedir would fail under the priv_sep version of sshd, since a normal user will *not* be able to write to /home to create his home directory.

So the issue for me and Troels is: how can we force pam_mkhomedir to run as root so that it will be able to work with the file permissions on /home to create the home directory?

High Mobley
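Added example, not part of the original thread and not pam_mkhomedir code: a small C check of the situation described above, where the effective uid is root but fsuid/fsgid belong to the user, so creating a directory under a root-owned 755 /home is refused. The function names, the uid 1000 and the sample `/proc/<pid>/status` lines are constructed for illustration, and the permission model is simplified (no supplementary groups, ACLs or security modules).

```c
#include <stdio.h>
#include <string.h>

/* The four IDs on a "Uid:" or "Gid:" line of /proc/<pid>/status. */
struct ids { unsigned real, eff, saved, fs; };

/* Parse a line such as "Uid:\t1000\t0\t0\t1000"; returns 0 on success. */
int parse_ids(const char *line, const char *tag, struct ids *out)
{
    size_t n = strlen(tag);
    if (strncmp(line, tag, n) != 0)
        return -1;
    return sscanf(line + n, "%u %u %u %u",
                  &out->real, &out->eff, &out->saved, &out->fs) == 4 ? 0 : -1;
}

/* Simplified model of the check for creating an entry in a directory:
 * write + search (w+x) on the parent, selected by fsuid/fsgid and not
 * by the effective uid. */
int can_mkdir_in(unsigned mode, unsigned owner, unsigned group,
                 unsigned fsuid, unsigned fsgid)
{
    unsigned bits;
    if (fsuid == 0)                 /* assumption: fsuid 0 bypasses mode bits */
        return 1;
    if (fsuid == owner)      bits = (mode >> 6) & 7;
    else if (fsgid == group) bits = (mode >> 3) & 7;
    else                     bits = mode & 7;
    return (bits & 3) == 3;         /* needs both w (2) and x (1) */
}

int main(void)
{
    /* Constructed sample: real uid = user, effective uid = root, fsuid = user. */
    const char *uid_line = "Uid:\t1000\t0\t0\t1000";
    const char *gid_line = "Gid:\t1000\t0\t0\t1000";
    struct ids u, g;

    if (parse_ids(uid_line, "Uid:", &u) || parse_ids(gid_line, "Gid:", &g))
        return 1;
    printf("euid=%u fsuid=%u\n", u.eff, u.fs);
    printf("/home root:root 0755, fsuid=%u: %s\n", u.fs,
           can_mkdir_in(0755, 0, 0, u.fs, g.fs) ? "allowed" : "denied");
    printf("/home root:root 0755, fsuid=0: %s\n",
           can_mkdir_in(0755, 0, 0, 0, 0) ? "allowed" : "denied");
    return 0;
}
```

On a live system the same four-field `Uid:` and `Gid:` lines can be read from `/proc/<pid>/status` of the process that loads the PAM stack, which shows which identity the module runs under.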