On 27/09/2007 07:01, Thorsten Kukuk wrote:
On Thu, Sep 27, Julien Lecomte wrote:
I remember that the "getpwuid" part didn't please you; and you actually
removed it from the patch applied.
Yes, because it is wrong and will not do what you expect.
getuid() returns the real user ID of the current process, not the one
of the old or new user account. So getpwuid(getuid()) returns the
passwd entry of the current process owner, which does not need to have
anything to do with the old or new user.
I've got your point testing pam_access with sshd and su.
From what I understand, we could add an extra parameter to pam_access
to allow to use getuid() in the case of 'su'.
Julien
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
