Place to call pam_loginuid in the pam session stack
Steve Grubb
sgrubb at redhat.com
Tue Apr 22 18:59:46 UTC 2014
On Tuesday, April 22, 2014 07:30:44 PM Laurent Bigonville wrote:
> Hello,
>
> This is maybe a dumb question, but is there any preferred place in the
> pam session stack to call pam_loginuid?
>
> Is it preferable to call it just after "pam_selinux close" or is any
> place OK? I guess the sooner the better so the needed information are
> present to audit what the other pam modules are doing?
I think that as long as its set before a user can cause any action to occur on
their behalf is all that is required. If there is a pam module that looks in a
user's home directory for settings and then does something based on that, then
you'd need to set it before that module.
-Steve
More information about the Linux-audit
mailing list