Hi David,

On Wed, Oct 03, 2007 at 08:53:38PM -0400, David Bartley wrote:
> My apologies, the previous mail was missing the subject.

> If you have nfs-mounted maildirs with root_squash enabled, pam_mail will
> not work, in the sense that it always displays 'No mail' regardless of
> whether or not you actually have mail. This is because pam_mail scans the
> maildir directory as root, and root_squash then denies pam_mail access to
> the maildirs. I've included a patch that calls seteuid to switch to the
> user being logged in, scans the maildir, and reverts to the previous
> effective uid.

> I have deployed a patched pam_mail to a few machines and have not noticed
> any problems.

Given that nowhere is there a spec that requires PAM applications to assume
particular privileges before calling into pam_open_session(), this patch
carries some risk of inadvertently dropping privileges that it shouldn't.
C.f. the uid-changing code in pam_unix for more (scary) details.

Also, on recent Linux systems setfsuid() is a simpler way to handle NFS root
squash. C.f. pam_rhosts and pam_xauth for examples of this.

I think the best option here is to use setfsuid() if available, and fall
back to seteuid().

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@xxxxxxxxxx                                   http://www.debian.org/
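The approach suggested in the reply above (setfsuid() where available, seteuid() otherwise) can be sketched as follows. This is an added example, not pam_mail's code or the patch that was posted; `fs_id_switch` and `count_mail_as` are hypothetical names, and treating `__linux__` as "setfsuid() is available" is an assumption.

```c
#include <dirent.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/fsuid.h>
#endif

/* Make filesystem access checks run as `uid`; the previous id goes to *saved.
 * Returns 0 on success, -1 if the switch did not take effect. */
static int fs_id_switch(uid_t uid, uid_t *saved)
{
#ifdef __linux__
    /* setfsuid() reports no errors: it always returns the previous fsuid,
     * so a second call is the only way to learn whether the first worked. */
    *saved = (uid_t)setfsuid(uid);
    return (uid_t)setfsuid(uid) == uid ? 0 : -1;
#else
    *saved = geteuid();
    return seteuid(uid);
#endif
}

/* Count non-dot entries in a maildir subdirectory while acting as `uid`.
 * Returns the count, -1 if the directory cannot be opened, and -2 if the
 * identity could not be switched or restored (callers should abort on -2). */
int count_mail_as(const char *dir, uid_t uid)
{
    uid_t saved;
    int n = -1;
    DIR *d;
    struct dirent *e;

    if (fs_id_switch(uid, &saved) != 0)
        return -2;
    d = opendir(dir);
    if (d != NULL) {
        for (n = 0; (e = readdir(d)) != NULL; )
            if (e->d_name[0] != '.')
                n++;
        closedir(d);
    }
    if (fs_id_switch(saved, &uid) != 0)   /* restore; `uid` is reused as scratch */
        return -2;
    return n;
}

int main(int argc, char **argv)
{
    printf("%d\n", count_mail_as(argc > 1 ? argv[1] : ".", getuid()));
    return 0;
}
```

On the setfsuid() path only filesystem access checks change, so the process's effective uid, and with it the privileges the calling application expects to keep, is left alone.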