pam_access: repatch
Julien Lecomte
julien at lecomte.at
Sat Sep 29 00:22:03 UTC 2007
On 27/09/2007 07:01, Thorsten Kukuk wrote:
> On Thu, Sep 27, Julien Lecomte wrote:
>> I remember that the "getpwuid" part didn't please you; and you actually
>> removed it from the patch applied.
>
> Yes, because it is wrong and will not do what you expect.
>
> getuid() returns the real user ID of the current process, not the one
> of the old or new user account. So getpwuid(getuid()) returns the
> passwd entry of the current process owner, which does not need to have
> anything to do with the old or new user.
I've got your point testing pam_access with sshd and su.
From what I understand, we could add an extra parameter to pam_access
to allow the use of getuid() in the case of 'su'.
Julien
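
The point made in the quoted reply, as an added example that is not part of the original thread or of Linux-PAM: it resolves the real UID of the running process with getpwuid_r() and compares that name with the account an access check is about. `target_user` and the helper names are hypothetical stand-ins; in a real module the account name would come from the PAM handle, not from argv.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum owner_check { OWNER_UNKNOWN = -1, OWNER_DIFFERS = 0, OWNER_IS_TARGET = 1 };

/* Resolve a UID to an account name; 0 on success, -1 if there is no entry. */
static int name_for_uid(uid_t uid, char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    char buf[4096];

    if (getpwuid_r(uid, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    if (strlen(pw.pw_name) >= outlen)
        return -1;
    strcpy(out, pw.pw_name);
    return 0;
}

/* Compare what getpwuid(getuid()) answers with the account being checked.
 * target_user is a hypothetical stand-in for the name the check is about. */
static enum owner_check owner_vs_target(const char *target_user,
                                        char *owner, size_t ownerlen)
{
    if (name_for_uid(getuid(), owner, ownerlen) != 0)
        return OWNER_UNKNOWN;
    return strcmp(owner, target_user) == 0 ? OWNER_IS_TARGET : OWNER_DIFFERS;
}

int main(int argc, char **argv)
{
    char owner[256];
    /* Constructed sample value; pass an account name as argv[1]. */
    const char *target = argc > 1 ? argv[1] : "example-target-user";
    enum owner_check r = owner_vs_target(target, owner, sizeof owner);

    if (r == OWNER_UNKNOWN) {
        fprintf(stderr, "no passwd entry for real uid %lu\n", (unsigned long)getuid());
        return 1;
    }
    printf("process owner (real uid %lu): %s\n", (unsigned long)getuid(), owner);
    printf("account being checked:        %s\n", target);
    printf("%s\n", r == OWNER_IS_TARGET ? "same account" : "different accounts");
    return 0;
}
```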