[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: pam_mkhomedir doesn't work for su?



This time, I print out the euid
   struct passwd *epw;
   epw= getpwuid( geteuid());
   _log_err(LOG_DEBUG," euid is %s(%d)\n",epw->pw_name,epw->pw_uid);
   if (mkdir(pwd->pw_dir,0700) != 0)


 I found euid in both ssh and su is root.So there are two possibilities:
     1 The euid which I got is not correct
     2 mkdir permission has been affected by something else besides current
euid and uid.

 Do I miss something?

Min

-----Original Message-----
From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On
Behalf Of Ethan Benson
Sent: Tuesday, August 06, 2002 11:44 PM
To: pam-list@redhat.com
Subject: Re: pam_mkhomedir doesn't work for su?


On Tue, Aug 06, 2002 at 10:14:54PM -0700, Chen Min wrote:
>  Here is what I did
>
>  After add a line to pam_mkhomedir.c
>
>   _log_err(LOG_DEBUG," current uid is %s(%d)\n",pwd->pw_name,pwd->pw_uid);
>    if (mkdir(pwd->pw_dir,0700) != 0)
>    {
>      perror("create directory error");
>       free(remark);
>       _log_err(LOG_DEBUG, "unable to create home directory
%s",pwd->pw_dir);
>       return PAM_PERM_DENIED;
>    }
>
>    Then I got:
>    		# su ppp
> 		Creating home directory '/home/ppp'.
> 		create directory error: Permission denied
>    Check syslog
> 		Aug  6 21:53:52 Whisper PAM-mkhomedir[11266]: current uid is ppp(545)
> 		Aug  6 21:53:52 Whisper PAM-mkhomedir[11266]: unable to create home
> directory /home/ppp
> 		Aug  6 21:53:52 Whisper su(pam_unix)[11266]:  session opened for user
ppp
> by ppp(uid=0)
>
>    That means current user is ppp before mkdir , run shell mkdir under
/home
> directory, of course, got same message: permission denied. Then  #chmod
777
> home, #su ppp , the /home/ppp is created without any problem, so far

777 /home is not a good solution.

> anything make sense to me. But look this: when I use ssh to login ppp,
> syslog says:
>             Aug  6 22:03:13 Whisper PAM-mkhomedir[11280]:  current uid is
> ppp(545)
>    After that, I found /home/ppp was created successfully! I thought su
had
> problem, but now I am wondering how come ssh login  succeed! Any idea?

because ssh (without privsep) runs the pam session with euid=0, your
not printing the euid.  it would seem that su runs the session without
root privileges (as does ssh with privsep).

nothing in the pam docs justifies the assumption that pam_session is
run as root so there is no bug here except in pam_mkhomedir for
assuming this.

--
Ethan Benson
http://www.alaska.net/~erbenson/





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []