Re: pam_access: repatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 27/09/2007 07:01, Thorsten Kukuk wrote:
On Thu, Sep 27, Julien Lecomte wrote:
I remember that the "getpwuid" part didn't please you; and you actually removed it from the patch applied.

Yes, because it is wrong and will not do what you expect.
getuid() returns the real user ID of the current process, not the one
of the old or new user account. So getpwuid(getuid()) returns the
passwd entry of the current process owner, which does not need to have
anything to do with the old or new user.

I've got your point testing pam_access with sshd and su.

From what I understand, we could add an extra parameter to pam_access to allow to use getuid() in the case of 'su'.

Julien

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux