Default sudo setup (Was: Re: The Future of Fedora.)

Michael K. Johnson johnsonm at redhat.com
Wed Dec 10 22:00:36 UTC 2003


On Wed, Dec 10, 2003 at 01:48:56PM -0800, Shahms E. King wrote:
> I don't know the details of what is happening, but from the outside (and
> a userhelper-wrapped /bin/env) it appears that pam_xauth uses the file
> specified in the calling application's XAUTHORITY environment variable to
> create a new .xauth<random chars> file with the appropriate cookies. 
> This works just fine when the userhelper USER is "root" because the new
> file is created in root's home directory, and then userhelper invokes
> the program as root and it can read the file no problem.  But when the
> USER is set to '<user>' pam_xauth creates a *new* xauth file in the
> user's home directory which would be fine, except userhelper then
> invokes the program as root which cannot read this file if it is on a
> root-squashed NFS mount.
> 
> If you need any more details than that, I'll do what I can.

Well, is it in bugzilla?  :-)

Hmm, when I did it, pam read the xauth contents and piped them through
to xauth in the next context so no filesystem confusion existed.  I
haven't touched it for something like 3 years, though, so things may
have changed.

michaelkjohnson

 "He that composes himself is wiser than he that composes a book."
 Linux Application Development                     -- Ben Franklin
 http://people.redhat.com/johnsonm/lad/
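
The hand-off described in the reply above (read the cookies in the caller's context and pipe them to the next context, so the target never opens a file in the user's home directory), as an added illustration that is not part of the original message and is not pam_xauth's code. The record layout is the standard Xauthority one; the function names are hypothetical, and the child here does not change uid, which a real helper would do before writing.

```python
import os
import struct

def pack_entry(family, address, number, name, data):
    """Serialize one Xauthority record: 16-bit family, then four length-prefixed fields."""
    out = struct.pack(">H", family)
    for field in (address, number, name, data):
        out += struct.pack(">H", len(field)) + field
    return out

def parse_entries(blob):
    """Parse Xauthority bytes into (family, address, number, name, data) tuples."""
    entries, pos = [], 0
    while pos < len(blob):
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        fields = []
        for _ in range(4):
            (length,) = struct.unpack_from(">H", blob, pos)
            fields.append(blob[pos + 2:pos + 2 + length])
            pos += 2 + length
        entries.append((family, *fields))
    return entries

def hand_off(source_path, display_number, target_path):
    """Read cookies as the caller, pipe them over, let the child write its own file."""
    with open(source_path, "rb") as src:
        wanted = [e for e in parse_entries(src.read()) if e[2] == display_number]
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: stands in for the target context (assumption: no setuid here)
        status = 1
        try:
            os.close(write_fd)
            with os.fdopen(read_fd, "rb") as pipe_in:
                blob = pipe_in.read()
            # O_EXCL refuses a pre-existing file or symlink; 0600 keeps the cookie private.
            fd = os.open(target_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "wb") as out:
                out.write(blob)
            status = 0
        finally:
            os._exit(status)
    os.close(read_fd)
    with os.fdopen(write_fd, "wb") as pipe_out:
        for entry in wanted:
            pipe_out.write(pack_entry(*entry))
    _, wait_status = os.waitpid(pid, 0)
    return wait_status == 0
```

Only the parent touches the source file and only the child touches the target file, so neither side needs read access to the other's home directory.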




