Module Idea
B.J. Black
bj at schmong.org
Fri Sep 14 19:01:20 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all!
I haven't been able to find evidence of such a thing, so I thought I'd
ask here before (re)writing one...
I'm thinking it'd be handy to have a session module that would run an
arbitrary command (as root) at session start/end/whatever. I don't see
one out there and think it'd be pretty easy to write it.
Maybe call it pam_exec or similar. Other than the obvious security
concerns, is there any terribly compelling reason not to do so? In most
cases, putting a setuid command in /etc/profile et al would work too but
probably not quite as cleanly...
- --bj
P.S. Oddly enough, I wrote such a thing a few years back when I last
tinkered with the innards of linux-pam, but couldn't release it because
of the company I was working at. Now I'm not encumbered and it's a
fairly easy hack, so...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG6tqABWZe+3ib/AERAq4kAJ9ygQQpB/zNuecrqqm1154PD0YUWwCcD/Ra
ijkduJMYOYGs4dLG5H/GK8s=
=egAg
-----END PGP SIGNATURE-----
More information about the Pam-list
mailing list