
[Patch] Make pam_mail work with root_squash



My apologies, the previous mail was missing the subject.

If you have NFS-mounted maildirs with root_squash enabled, pam_mail will
not work, in the sense that it always displays 'No mail' regardless of
whether or not you actually have mail. This is because pam_mail scans the
maildir directory as root, and root_squash then denies pam_mail access to
the maildirs. I've included a patch that calls seteuid to switch to the
user being logged in, scans the maildir, and reverts to the previous
effective uid.

I have deployed a patched pam_mail to a few machines and have not noticed
any problems.
--- pam_mail.orig.c	2007-09-30 01:12:02.225749505 -0400
+++ pam_mail.c	2007-09-30 01:12:26.806060542 -0400
@@ -404,6 +404,12 @@
     char *folder = NULL;
     const char *path_mail = NULL;
+    const char *user;
+    const struct passwd *pwd;
+    uid_t olduid = 0;
+    int seteuidok = 0;
+
     /*
      * this module (un)sets the MAIL environment variable, and checks if
      * the user has any new mail.
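Review bot: the new `const struct passwd *pwd` declaration and the later `pam_modutil_getpwnam()` call need `<pwd.h>` and `<security/pam_modutil.h>`, and the patch carries no hunk adding either include, so confirm pam_mail.c already pulls them in or add them here. Separately, `olduid` is initialised to 0, which is root's uid; since the value only matters when `seteuidok` is set, a single saved-uid variable with a sentinel such as `(uid_t)-1` would replace both variables and avoid a default that silently means root.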
@@ -449,6 +455,17 @@
 	D(("not setting " MAIL_ENV_NAME " variable"));
     }
 
+    /* seteuid to user so that we can read mail */
+    if(pam_get_user(pamh, &user, NULL) == PAM_SUCCESS && user) {
+	    pwd = pam_modutil_getpwnam(pamh, user);
+        if(pwd != NULL) {
+            olduid = geteuid();
+            if(seteuid(pwd->pw_uid) == 0) {
+                seteuidok = 1;
+            }
+        }
+    }
+
     /*
      * OK. we've got the mail folder... what about its status?
      */
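Review bot: when `pam_get_user()`, `pam_modutil_getpwnam()` or `seteuid()` fails in this block, nothing is logged and the mail check below continues under the caller's effective uid, so on a root_squash mount the module falls back to the same 'No mail' result with no trace of why. Log the failure (for example with `pam_syslog()`) so an administrator can tell the two cases apart. Only the effective uid is changed: the effective gid and supplementary groups stay those of the calling process, so the scan does not run with exactly the user's access; switching the gid as well, and restoring it in the later hunk, would close that gap. Style: the `pwd = pam_modutil_getpwnam(pamh, user);` line is indented with a tab while the rest of the block uses spaces.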
@@ -462,6 +479,11 @@
 	}
     }
 
+    /* seteuid to olduid */
+    if(seteuidok == 1) {
+        seteuid(olduid);
+    }
+
     /* Delete environment variable? */
     if ( ! est && ! (ctrl & PAM_NO_ENV) )
 	(void) pam_putenv(pamh, MAIL_ENV_NAME);
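Review bot: the return value of `seteuid(olduid)` is ignored in the restore block, so if the call fails the module returns with the process still running under the user's effective uid and the rest of the PAM stack inherits it. Check the result, log the failure and return an error code instead of continuing. Also confirm that no `return` between the switch in the previous hunk and this restore can be reached while `seteuidok` is 1; the code between the two hunks is not shown in the patch.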
