shall a pam-enabled application be setuid root to be able to pam_authenticate system users ?
Sebastien Cabaniols
sebastien.cabaniols at hp.com
Thu Mar 15 14:07:20 UTC 2007
Hello list,

I am quite new to pam and I have currently managed to integrate pam to a short
hello world application but I don't understand if my application has to run
as root or not:

I have defined a /etc/pam.d/test which contains the following:

auth required pam_unix_auth.so
account required pam_unix_acct.so

My application will start after pam_authenticate succeeds (I am simply using
the standard misc_conv from pam_misc.)

If I am running my application on behalf of the non-privileged user 'seb',
then I can only pam_authenticate the user 'seb'. To be able to authenticate
other users, I have to run the process as root or setuid or sudo.

How can an application (such as a webservice) run on behalf of an
unprivileged user and still refuse to run if you can't provide a valid
user/password on the linux system ?

Many thanks in advance for any help.
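
Added example, not part of the original message and not the poster's code: the flow the message describes (open the "test" service, pam_authenticate, then the account check, and refuse to run on any failure), written in Python over ctypes against libpam instead of in C. The name pam_check, the scripted conversation function that stands in for misc_conv, and the numeric constants (taken from Linux-PAM) are assumptions of this example; if /etc/pam.d/test is absent, libpam falls back to the "other" service.

```python
import ctypes as C, ctypes.util, getpass

PAM_SUCCESS, PAM_PROMPT_ECHO_OFF, PAM_BUF_ERR = 0, 1, 5  # Linux-PAM values

class PamMessage(C.Structure):
    _fields_ = [("msg_style", C.c_int), ("msg", C.c_char_p)]

class PamResponse(C.Structure):  # resp must come from malloc: libpam frees it
    _fields_ = [("resp", C.c_void_p), ("resp_retcode", C.c_int)]

CONV = C.CFUNCTYPE(C.c_int, C.c_int, C.POINTER(C.POINTER(PamMessage)),
                   C.POINTER(C.POINTER(PamResponse)), C.c_void_p)

class PamConv(C.Structure):
    _fields_ = [("conv", CONV), ("appdata_ptr", C.c_void_p)]

def pam_check(service, user, password):
    """Return (ok, reason); every failure, a missing libpam included, is a denial."""
    path = ctypes.util.find_library("pam")
    if path is None:
        return False, "libpam not found"
    libpam, libc = C.CDLL(path), C.CDLL(None)
    libc.calloc.restype = libc.strdup.restype = C.c_void_p
    libc.calloc.argtypes, libc.strdup.argtypes = [C.c_size_t] * 2, [C.c_char_p]

    @CONV
    def conv(n, msgs, resp_out, _appdata):  # answers each hidden prompt with password
        arr = libc.calloc(n, C.sizeof(PamResponse))
        if not arr:
            return PAM_BUF_ERR
        resp_out[0] = C.cast(arr, C.POINTER(PamResponse))
        for i in range(n):
            if msgs[i].contents.msg_style == PAM_PROMPT_ECHO_OFF:
                resp_out[0][i].resp = libc.strdup(password.encode())
        return PAM_SUCCESS

    handle, pc = C.c_void_p(), PamConv(conv, None)
    rc = libpam.pam_start(service.encode(), user.encode(), C.byref(pc), C.byref(handle))
    if rc != PAM_SUCCESS:
        return False, f"pam_start failed ({rc})"
    rc = libpam.pam_authenticate(handle, 0)   # runs the service's "auth" lines
    if rc == PAM_SUCCESS:
        rc = libpam.pam_acct_mgmt(handle, 0)  # runs the "account" lines
    libpam.pam_end(handle, rc)
    return rc == PAM_SUCCESS, "ok" if rc == PAM_SUCCESS else f"PAM error {rc}"

if __name__ == "__main__":  # refuse to start without a valid system login
    ok, why = pam_check("test", input("login: "), getpass.getpass())
    print("hello world" if ok else f"refusing to run: {why}")
```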