[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_mkhomdir fix(ldap, su problem)



On Mon, Jul 07, 2003 at 12:04:33AM +0200, Troels Liebe Bentsen wrote:
> On Sun, 2003-07-06 at 23:35, Ethan Benson wrote:
> > On Sun, Jul 06, 2003 at 09:25:15PM +0200, Troels Liebe Bentsen wrote:
> > > 3. pam_mkhomedir is called, the effective uid is still root, and the
> > >    real uid is now the one of the users we su'ed to(eg. test). But since
> > >    we on linux have fsuid/fsgid and this is used for filesystem access, 
> > >    this makes it imposible for us to create a directory under /home 
> > >    because is owned by root and set to 750.
> 
> Sorry I was suppose to be 755.(as wrong i mail, correct on filesystem)
> >                                         ^^^^^
> 
> > there is no security threat from /home being world readable anyway,
> > users should set perms on thier home directory to reflect the level of
> > privacy they desire.
> You are quite correct on all points and I do agree with them.
> 
> But world-writable would not be a good idea as required by the current

i said world readable not world writable.

> code. fsuid/fsgid is still set to the user we are su'ing to. And to make
> it possible to create a home directory ,would require world writable
> permissions on home.

i really think this is a configuration problem, a great many people
have used this module without problems.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp00002.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []