[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: xlockmore (pam)

Chris Y., Network Operations, DCS wrote:
> Hi,
> I am running pamified shadow, and my xlock is broken.  The xlock that I am
> using is the pamified version from
> ftp://ftp.redhat.com/pub/redhat/rembrandt/i386/RedHat/RPMS/xlockmore-3.9-2.i386.rpm
> I believe that this is the xlock rpm I am using :)
> Now my problem is when I "lock" the terminal... I cannot unlock it using
> root's or my user's password.

This is a RTFL (Read The Fine List), since we got this solved last week.


xlock and vlock don't currently work with shadow passwords; they
are unprivileged programs, and shadow is only accessible as root.

One way to get around this problem which *shouldn't* open up any
security holes, but which has received only minimal security analysis,
is to do this as root:

chgrp adm /etc/shadow
chmod g+r /etc/shadow
chgrp adm /usr/X11R6/bin/xlock
chmod g+s /usr/X11R6/bin/xlock
chgrp adm /usr/bin/vlock
chmod g+s /usr/bin/vlock


Works as advertised. Another solution is to suid xlock to root. I don't
know if that causes any possible security holes, though...


+ John Fulmer                   | "UNIX was not designed to stop     +
+ Secure Network System	        |  you from doing stupid things,     +
+ Lawrence, Kansas              |  because that would also stop you  +
+                               |  from doing clever things."	     +
+ jfulmer@blanket.com           |                                    + 
+ http://www.blanket.com        |                     -- Larry Wall  +
+ ---------> PGP: finger jfulmer@horse.blanket.com for key <-------- +

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []