On Mon, 2003-07-07 at 07:28, Ethan Benson wrote: > On Sun, Jul 06, 2003 at 08:19:55PM -0400, Doctor High wrote: > > On Mon, 2003-07-07 at 00:35, Ethan Benson wrote: > > > On Sun, Jul 06, 2003 at 05:54:58PM -0500, Steve Langasek wrote: > > > > > > > > Convince the OpenSSH maintainers that the current behavior is incorrect, > > > > and get them to change it. > > > > > > who says its incorrect? not the pam docs. pam_session running as > > > root has always been an assumption. > > > > > > its less convenient, but also much safer, always a tradeoff. > > > > So if pretty much all services try to run pam_mkhomedir as the > > connecting user, then what's the point of having pam_mkhomedir? > > you would just have to implement it some other way. So the conclusion is that one should not have any expectation on rights for session modules, ie. the only way to implement a module like pam_mkhomedir, is to make it a small wrapper that call's a setuid program that does the actual work(creating home directory and copying over skel files)? /Troels. _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
