[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_mkhomdir fix(ldap, su problem)



On Sun, 2003-07-06 at 23:35, Ethan Benson wrote:
> On Sun, Jul 06, 2003 at 09:25:15PM +0200, Troels Liebe Bentsen wrote:
> > 3. pam_mkhomedir is called, the effective uid is still root, and the
> >    real uid is now the one of the users we su'ed to(eg. test). But since
> >    we on linux have fsuid/fsgid and this is used for filesystem access, 
> >    this makes it imposible for us to create a directory under /home 
> >    because is owned by root and set to 750.

Sorry I was suppose to be 755.(as wrong i mail, correct on filesystem)
>                                         ^^^^^

> there is no security threat from /home being world readable anyway,
> users should set perms on thier home directory to reflect the level of
> privacy they desire.
You are quite correct on all points and I do agree with them.

But world-writable would not be a good idea as required by the current
code. fsuid/fsgid is still set to the user we are su'ing to. And to make
it possible to create a home directory ,would require world writable
permissions on home.

Kind Regards
 Troels Liebe Bentsen.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []