pam-list-request@xxxxxxxxxx wrote: > Send Pam-list mailing list submissions to > pam-list@xxxxxxxxxx > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/pam-list > or, via email, send a message with subject or body 'help' to > pam-list-request@xxxxxxxxxx > > You can reach the person managing the list at > pam-list-owner@xxxxxxxxxx > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Pam-list digest..." > > ------------------------------------------------------------------------ > > Today's Topics: > > 1. help with running popen (ronald de la cruz) > 2. Re: help with running popen (Kris Deugau) > > > ------------------------------------------------------------------------ > > Subject: > help with running popen > From: > "ronald de la cruz" <rcdelacruz@xxxxxxxxx> > Date: > Tue, 3 Apr 2007 17:27:11 +0800 > To: > pam-list@xxxxxxxxxx > > To: > pam-list@xxxxxxxxxx > > Precedence: > junk > MIME-Version: > 1.0 > Reply-To: > Pluggable Authentication Modules <pam-list@xxxxxxxxxx> > Message-ID: > <42255b6c0704030227h7bdb0d4csad039934c902a449@xxxxxxxxxxxxxx> > Content-Type: > multipart/alternative; boundary="----=_Part_5495_12844550.1175592431070" > Message: > 1 > > > hi there...im writing a pam module with encryption using gpg. > im trying to use popen() to run external command like gpg. > FILE *fp > fp = popen("sudo gpg -ear....", "r"); > > the problem is, im trying to run this with the sudo command > but the pam module won't accept it, > the error is > > sudo: gpg: commant not found > > > please help i really need to run gpg with sudo > > -- > ronald de la cruz > ------------------------------------------------------------------------ > > Subject: > Re: help with running popen > From: > Kris Deugau <kdeugau@xxxxxxxxx> > Date: > Tue, 03 Apr 2007 10:56:53 -0400 > To: > Pluggable Authentication Modules <pam-list@xxxxxxxxxx> > > To: > Pluggable Authentication Modules <pam-list@xxxxxxxxxx> > > Content-Transfer-Encoding: > 7bit > Precedence: > junk > MIME-Version: > 1.0 > References: > <42255b6c0704030227h7bdb0d4csad039934c902a449@xxxxxxxxxxxxxx> > In-Reply-To: > <42255b6c0704030227h7bdb0d4csad039934c902a449@xxxxxxxxxxxxxx> > Reply-To: > Pluggable Authentication Modules <pam-list@xxxxxxxxxx> > Message-ID: > <46126B35.4020308@xxxxxxxxx> > Content-Type: > text/plain; charset=ISO-8859-1; format=flowed > Message: > 2 > > > This doesn't really look like a PAM question, exactly; although PAM > and whatever calls it will determine which UID and GID your module > starts executing as. > > ronald de la cruz wrote: >> hi there...im writing a pam module with encryption using gpg. >> im trying to use popen() to run external command like gpg. >> FILE *fp >> fp = popen("sudo gpg -ear....", "r"); >> >> the problem is, im trying to run this with the sudo command >> but the pam module won't accept it, >> the error is >> >> sudo: gpg: commant not found >> >> >> please help i really need to run gpg with sudo > > gpg is a bad example; it's much more paranoid about the (E)UID and > (E)GID it runs under. I don't think sudo will go quite far enough. > > Check the command you're trying to run manually; run it as root, as a > "full" regular user, and as a restricted user like nobody. You'll > probably have to do some additional (E)UID/(E)GID tweaking to get your > module running as the correct UID/GID for what you want to accomplish. > > -kgd > > > ------------------------------------------------------------------------ > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list There are several things which i suspect: First, popen() does not necessarily provide a PATH, so it's a good idea to supply an absolute path 'gpg'. Second, sudo needs a table of 'sudoers' to authorize against. Your module will succeed only if you keep this file up to date for ALL possible users :-( Andreas -- Dr.-Ing. Andreas Schindler Alpha Zero One Computersysteme GmbH Frankfurter Str. 141 63303 Dreieich Telefon 06103-57187-21 Telefax 06103-373245 schindler@xxxxxx www.az1.de _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
