[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM_pwdb reports user as root



Michael K. Johnson wrote:
> 
> "Robert T. Bevill" writes:
> >Why is PAM reoprting this?
> >
> >Apr 17 17:28:47 olympus PAM_pwdb[5420]: (login) session opened for user jsmith by tjones(uid=0)
> 
> Because su is setuid root.  pam_pwdb is telling you that it knew that the

But this message is for a 'login' session. Since the 'tjones' is
obtained from getlogin(), I'd take a look at whether your wtmp file is
corrupted or not. (What do 'who' and 'last' report?)

> name of the user for which session was being started was tjones, but the
> actual uid opening the session was root.  That is actually the correct
> way for it to be done (some session modules require that they be called
> as root; those that need user permissions can setreuid to get user

I believe that the module logs the uid here and not the euid (which is
what su has set to 0). Here is an example from one of my logs:

Apr 20 09:41:45 bounce PAM_pwdb[501]: (su) session opened for user
morgan by luser(uid=1023)

> permissions); perhaps the message ought to be clarified a bit...

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []