[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_mkhomedir doesn't work for su?



On Tue, Aug 06, 2002 at 10:14:54PM -0700, Chen Min wrote:
>  Here is what I did
> 
>  After add a line to pam_mkhomedir.c
> 
>   _log_err(LOG_DEBUG," current uid is %s(%d)\n",pwd->pw_name,pwd->pw_uid);
>    if (mkdir(pwd->pw_dir,0700) != 0)
>    {
>      perror("create directory error");
>       free(remark);
>       _log_err(LOG_DEBUG, "unable to create home directory %s",pwd->pw_dir);
>       return PAM_PERM_DENIED;
>    }
> 
>    Then I got:
>    		# su ppp
> 		Creating home directory '/home/ppp'.
> 		create directory error: Permission denied
>    Check syslog
> 		Aug  6 21:53:52 Whisper PAM-mkhomedir[11266]: current uid is ppp(545)
> 		Aug  6 21:53:52 Whisper PAM-mkhomedir[11266]: unable to create home
> directory /home/ppp
> 		Aug  6 21:53:52 Whisper su(pam_unix)[11266]:  session opened for user ppp
> by ppp(uid=0)
> 
>    That means current user is ppp before mkdir , run shell mkdir under /home
> directory, of course, got same message: permission denied. Then  #chmod 777
> home, #su ppp , the /home/ppp is created without any problem, so far

777 /home is not a good solution.

> anything make sense to me. But look this: when I use ssh to login ppp,
> syslog says:
>             Aug  6 22:03:13 Whisper PAM-mkhomedir[11280]:  current uid is
> ppp(545)
>    After that, I found /home/ppp was created successfully! I thought su had
> problem, but now I am wondering how come ssh login  succeed! Any idea?

because ssh (without privsep) runs the pam session with euid=0, your
not printing the euid.  it would seem that su runs the session without
root privileges (as does ssh with privsep).

nothing in the pam docs justifies the assumption that pam_session is
run as root so there is no bug here except in pam_mkhomedir for
assuming this.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp00002.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []