
Re: pam_mkhomdir fix(ldap, su problem)



On Sun, Jul 06, 2003 at 09:25:15PM +0200, Troels Liebe Bentsen wrote:
> 3. pam_mkhomedir is called, the effective uid is still root, and the
>    real uid is now the one of the users we su'ed to (e.g. test). But since
>    we on linux have fsuid/fsgid and this is used for filesystem access,
>    this makes it impossible for us to create a directory under /home
>    because it is owned by root and set to 750.
                                           ^^^^^

that is probably your problem, see if it works if you set /home to
755.

if it's root.root 750 then the user won't be able to access anything
under /home, including his home directory, regardless of what
permissions it has.

if your intent was to prevent other users from listing /home then set
it to root:root 751.  but this is really quite silly since anyone can
still ls a directory in there if they know the name in advance, and
the world readable /etc/passwd will tell them exactly what is under /home.

there is no security threat from /home being world readable anyway,
users should set perms on their home directory to reflect the level of
privacy they desire.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
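
The traversal and listing behaviour described in the message above, as an added example that is not part of the original post. It models the owner/group/other check for a non-root filesystem uid; the uid 1000, gid 1000 and the mode of "/" are constructed sample values.

```python
# Constructed model of directory permission checks for a non-root fsuid.
# All uids, gids and modes below are sample values, not taken from a real host.
R, X = 4, 1  # read (list) and search (traverse) bits within one rwx triplet

def triplet(mode, owner, group, fsuid, gids):
    """Return the rwx bits that apply: owner, else group, else other.
    Only the first matching class is used, as in the kernel's check."""
    if fsuid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_list(d, fsuid, gids):
    """Listing a directory's entries needs its read bit."""
    return bool(triplet(d["mode"], d["uid"], d["gid"], fsuid, gids) & R)

def can_search(d, fsuid, gids):
    """Resolving a name inside a directory needs its search (x) bit."""
    return bool(triplet(d["mode"], d["uid"], d["gid"], fsuid, gids) & X)

def can_reach(ancestors, fsuid, gids):
    """A path is reachable only if every ancestor directory grants search,
    regardless of the permissions on the final component."""
    return all(can_search(d, fsuid, gids) for d in ancestors)

def report(home_mode, fsuid=1000, gids=(1000,)):
    """What an ordinary user can do when /home is root:root with home_mode."""
    root_dir = {"uid": 0, "gid": 0, "mode": 0o755}   # "/" (assumed mode)
    home = {"uid": 0, "gid": 0, "mode": home_mode}   # "/home", root:root
    return {
        "list_home": can_list(home, fsuid, gids),
        "reach_own_home": can_reach([root_dir, home], fsuid, gids),
    }

if __name__ == "__main__":
    for mode in (0o750, 0o751, 0o755):
        print(oct(mode), report(mode))
```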
