Re: pam modules and setuid actions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Sorry, I was not clear.  I'll try again.

I have written a PAM shared object (.so) module.  It should log PAM
session related info to a remote database at session start and stop.
In the rare times when there are network issues I would like the
module to log to a local cache file.  When the network is
reestablished I want to send all the cached records to the remote DB.

I want the cache file to exist in a protected part of the file system.
 It should be owned by root or some other user.  It should not be
generally accessible by the "public".

Since this is a shared object module I do not seem to control the
"setuid" nature of the instigating program like "su", or "ssh".  I am
doing my development on a somewhat old Ubuntu machine.  As it happens
"su" is installed as setuid-root and ssh is not setuid at all.  So I
was wondering if PAM had some magic to handle this situation?

Right now I think that my best bet is to write my own setuid
executable and use "pam_exec".

all the best

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux