[linux-lvm] lvcreate from a setuid-root binary
Christoph Pleger
christoph.pleger at cs.uni-dortmund.de
Mon Nov 19 15:17:18 UTC 2018
Hello,
On 2018-11-19 14:19, Bryn M. Reeves wrote:
> On Fri, Nov 16, 2018 at 02:43:10PM +0100, Christoph Pleger wrote:
>> The beginning is that I want to create a user-specific logical volume
>> when a
>> user logs in to a service that authenticates its users through pam and
>> that
>> does not run as root.
>
> Couldn't you use a pam_scripts ses_open/ses_close hook to do this?
>
> That way you can get rid of any suid binary and rely on the well
> tested PAM stack to carry out the set up (and optionally clean up)
> for the users at login/out time.
Hm, I do not see how the scripts called by pam_scripts can be executed
with another user id than the process that called pam_authenticate()?
Regards
Christoph
More information about the linux-lvm
mailing list