Re: pam_mkhomdir fix(ldap, su problem)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2003-07-07 at 00:27, Ethan Benson wrote:
> On Mon, Jul 07, 2003 at 12:04:33AM +0200, Troels Liebe Bentsen wrote:
> > On Sun, 2003-07-06 at 23:35, Ethan Benson wrote:
> > > On Sun, Jul 06, 2003 at 09:25:15PM +0200, Troels Liebe Bentsen wrote:
> > > > 3. pam_mkhomedir is called, the effective uid is still root, and the
> > > >    real uid is now the one of the users we su'ed to(eg. test). But since
> > > >    we on linux have fsuid/fsgid and this is used for filesystem access, 
> > > >    this makes it impossible for us to create a directory under /home 
> > > >    because is owned by root and set to 750.
> > 
> > Sorry I was suppose to be 755.(as wrong i mail, correct on filesystem)
> > >                                         ^^^^^
> > 
> > > there is no security threat from /home being world readable anyway,
> > > users should set perms on their home directory to reflect the level of
> > > privacy they desire.
> > You are quite correct on all points and I do agree with them.
> > 
> > But world-writable would not be a good idea as required by the current
> 
> i said world readable not world writable.
I know, but the current setup requires that it is world writable to
work.
> > code. fsuid/fsgid is still set to the user we are su'ing to. And to make
> > it possible to create a home directory ,would require world writable
> > permissions on home.
> 
> i really think this is a configuration problem, a great many people
> have used this module without problems.
Any information on how this was done and on what distributions it works
would be very nice. Because this does not work on all the distributions
i have tested unless i make i possible for the users to write in /home.

/Troels.


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux