On Mon, 2006-01-30 at 09:33, Jonathan DeSena wrote:
> I will probably do the latter for now, at least. The modification to
> the audit policy that would help would be to not log accesses of
> /etc/shadow by certain programs running as non-root (only xscreensaver in
> our environment). Unfortunately, SNARE does not support filtering by
> program name, only user. Regardless, I do not think this would be an
> allowable change. I also enumerated some other possibilities in a previous
> post.
>
> Thanks to all for helping to point out the limitations of my simple patch.
> I now understand better when it will and will not work. That is why I
> posted it to the list.
>
> I would still appreciate any additional comments on how to best resolve
> the auditing issue.

If there was a simple solution, someone would have done it long ago. You
either need to grant access to the file by the programs that need it, or
you need a suid helper to do it for you. Flip a coin as to which approach
is less likely to introduce security bugs.

--
Les Mikesell
les@xxxxxxxxxxxxxxxx

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
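The quoted message describes an audit-policy filter that SNARE could not express: suppress /etc/shadow reads only when they come from a known program running as non-root, and keep logging everything else. Below is an added example, not code from either poster nor from SNARE, that applies exactly that policy after the fact over Linux auditd-style key=value records. The record format and the sample lines are assumptions constructed for the example; the only thing taken from the thread is the policy itself (allow-list by executable, non-root only).

```python
import re
from collections import defaultdict

# Constructed sample records in Linux auditd key=value style (an assumed
# format; the SNARE agent in the thread emits its own). Records that share
# the same audit(timestamp:serial) id belong to one event: the SYSCALL
# record carries the identity fields, the PATH record the file touched.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1138638000.101:42): arch=c000003e syscall=2 success=yes exit=3 uid=1000 auid=1000 comm="xscreensaver" exe="/usr/bin/xscreensaver"
type=PATH msg=audit(1138638000.101:42): item=0 name="/etc/shadow" inode=1234 mode=0100400
type=SYSCALL msg=audit(1138638000.205:43): arch=c000003e syscall=2 success=yes exit=3 uid=1000 auid=1000 comm="xscreensaver" exe="/tmp/xscreensaver"
type=PATH msg=audit(1138638000.205:43): item=0 name="/etc/shadow" inode=1234 mode=0100400
type=SYSCALL msg=audit(1138638000.300:44): arch=c000003e syscall=2 success=no exit=-13 uid=1001 auid=1001 comm="python" exe="/usr/bin/python"
type=PATH msg=audit(1138638000.300:44): item=0 name="/etc/shadow" inode=1234 mode=0100400
type=SYSCALL msg=audit(1138638000.400:45): arch=c000003e syscall=2 success=yes exit=3 uid=0 auid=1000 comm="passwd" exe="/usr/bin/passwd"
type=PATH msg=audit(1138638000.400:45): item=0 name="/etc/shadow" inode=1234 mode=0100400
type=SYSCALL msg=audit(1138638000.500:46): arch=c000003e syscall=2 success=yes exit=3 uid=0 auid=1000 comm="xscreensaver" exe="/usr/bin/xscreensaver"
type=PATH msg=audit(1138638000.500:46): item=0 name="/etc/shadow" inode=1234 mode=0100400
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSG_RE = re.compile(r'msg=audit\(([\d.]+):(\d+)\)')


def parse_events(text):
    """Group auditd-style records by serial number into one dict per event."""
    events = defaultdict(lambda: {"paths": []})
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue  # not an audit record, skip it
        ev = events[int(m.group(2))]
        fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        if fields.get("type") == "SYSCALL":
            # Keep only the identity fields the policy needs.
            ev["time"] = float(m.group(1))
            ev["exe"] = fields.get("exe")
            ev["comm"] = fields.get("comm")
            ev["uid"] = fields.get("uid")
            ev["success"] = fields.get("success") == "yes"
        elif fields.get("type") == "PATH":
            ev["paths"].append(fields.get("name"))
    return dict(events)


def shadow_access_alerts(events, allowed_exes, path="/etc/shadow"):
    """Return the serials of /etc/shadow accesses that should be reported.

    An access is suppressed only when the kernel-reported executable path is
    allow-listed AND the process was not running as root, which is the
    filter the thread asked for. Everything else is reported, including
    failed attempts (success=no), which are often the more interesting ones.
    """
    alerts = []
    for serial in sorted(events):
        ev = events[serial]
        if path not in ev["paths"]:
            continue
        expected = ev.get("exe") in allowed_exes and ev.get("uid") != "0"
        if not expected:
            alerts.append(serial)
    return alerts


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for serial in shadow_access_alerts(events, {"/usr/bin/xscreensaver"}):
        ev = events[serial]
        status = "ok" if ev["success"] else "DENIED"
        print(f"{serial}: uid={ev['uid']} exe={ev['exe']} {status}")
```

The filter keys on exe rather than comm on purpose: comm is the process's own short name and can be anything the process (or a renamed copy of a binary) chooses, while exe is the executable path the kernel resolved, so only the latter is a usable allow-list key. Run against the constructed log, event 42 (the real xscreensaver, non-root) is suppressed; 43 (same comm, different binary), 44 (a denied read), 45 (passwd as root) and 46 (xscreensaver as root) are reported.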