Sorry, I was not clear. I'll try again. I have written a PAM shared object (.so) module. It should log PAM session related info to a remote database at session start and stop. In the rare times when there are network issues I would like the module to log to a local cache file. When the network is reestablished I want to send all the cached records to the remote DB. I want the cache file to exist in a protected part of the file system. It should be owned by root or some other user. It should not be generally accessible by the "public". Since this is a shared object module I do not seem to control the "setuid" nature of the instigating program like "su", or "ssh". I am doing my development on a somewhat old Ubuntu machine. As it happens "su" is installed as setuid-root and ssh is not setuid at all. So I was wondering if PAM had some magic to handle this situation? Right now I think that my best bet is to write my own setuid executable and use "pam_exec". all the best _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list