If you have NFS-mounted maildirs with root_squash enabled, pam_mail will
not work, in the sense that it always displays 'No mail' regardless of
whether or not you actually have mail. This is because pam_mail scans the
maildir directory as root, and root_squash then denies pam_mail access to
the maildirs. I've included a patch that calls seteuid to switch to the
user being logged in, scans the maildir, and reverts to the previous
effective uid.
I have deployed a patched pam_mail to a few machines and have not noticed
any problems.
--- pam_mail.orig.c 2007-09-30 01:12:02.225749505 -0400
+++ pam_mail.c 2007-09-30 01:12:26.806060542 -0400
@@ -404,6 +404,12 @@
char *folder = NULL;
const char *path_mail = NULL;
+ const char *user;
+ const struct passwd *pwd;
+ uid_t olduid = 0;
+ int seteuidok = 0;
+
/*
* this module (un)sets the MAIL environment variable, and checks if
* the user has any new mail.
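Review bot: The saved state declared here covers only the uid (olduid); there is no matching gid_t for the effective gid, so the maildir scan will run with the user's uid but the caller's group. If access to the maildir can depend on group permissions, declare a gid_t oldgid alongside olduid and switch with setegid(pwd->pw_gid) before the seteuid call, restoring it afterwards.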
@@ -449,6 +455,17 @@
D(("not setting " MAIL_ENV_NAME " variable"));
}
+ /* seteuid to user so that we can read mail */
+ if(pam_get_user(pamh, &user, NULL) == PAM_SUCCESS && user) {
+ pwd = pam_modutil_getpwnam(pamh, user);
+ if(pwd != NULL) {
+ olduid = geteuid();
+ if(seteuid(pwd->pw_uid) == 0) {
+ seteuidok = 1;
+ }
+ }
+ }
+
/*
* OK. we've got the mail folder... what about its status?
*/
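Review bot: Every failure path in the added block (pam_get_user, pam_modutil_getpwnam returning NULL, seteuid returning non-zero) falls through silently, and the status check that follows then runs with the original effective uid, which is the case the patch is meant to avoid. Log each failure, for example with pam_syslog(pamh, LOG_ERR, ...), so an administrator can tell why 'No mail' is still reported, and decide explicitly whether the scan should be skipped when the switch did not happen.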
@@ -462,6 +479,11 @@
}
}
+ /* seteuid to olduid */
+ if(seteuidok == 1) {
+ seteuid(olduid);
+ }
+
/* Delete environment variable? */
if ( ! est && ! (ctrl & PAM_NO_ENV) )
(void) pam_putenv(pamh, MAIL_ENV_NAME);
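Review bot: The return value of seteuid(olduid) in the restore block is ignored, so if the call fails the rest of the module and the calling application continue with the user's effective uid and nothing reports it. Check the result, log the failure and return a PAM error instead of carrying on. It is also worth confirming that no return path between the switch and this block can skip the restore.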
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
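
The drop-and-restore pattern the message describes, as an added example that is not part of the original post or of pam_mail. The helper name scan_dir_as and the SCAN_RESTORE_FAILED code are hypothetical; unlike the posted patch, it also switches the effective gid and checks the result of the restore.

```c
#include <dirent.h>
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>

#define SCAN_RESTORE_FAILED (-2L)  /* ids not restored: caller must fail hard */

/* Hypothetical helper (not from pam_mail): count non-dot entries in `dir`
 * with the mailbox owner's effective uid/gid, then restore the caller's ids.
 * Supplementary groups are left unchanged (assumption of this example).
 * Returns the count, -1 with errno set, or SCAN_RESTORE_FAILED. */
long scan_dir_as(uid_t uid, gid_t gid, const char *dir)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    long count = -1;
    int saved_errno = 0;
    DIR *d;
    struct dirent *e;

    /* Group first: after euid becomes non-root, setegid may be refused. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0) {
        saved_errno = errno;
        goto restore_gid;
    }

    d = opendir(dir);   /* now subject to the user's permissions */
    if (d == NULL) {
        saved_errno = errno;
    } else {
        count = 0;
        while ((e = readdir(d)) != NULL)
            if (e->d_name[0] != '.')
                count++;
        closedir(d);
    }

    /* Restore in reverse order and never ignore a failed restore. */
    if (seteuid(old_uid) != 0)
        return SCAN_RESTORE_FAILED;
restore_gid:
    if (setegid(old_gid) != 0)
        return SCAN_RESTORE_FAILED;
    errno = saved_errno;
    return count;
}
```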