pam modules and setuid actions
Seven Reeds
seven.reeds at gmail.com
Wed Mar 13 16:02:25 UTC 2013
Sorry, I was not clear. I'll try again.
I have written a PAM shared object (.so) module. It should log PAM
session related info to a remote database at session start and stop.
In the rare times when there are network issues I would like the
module to log to a local cache file. When the network is
reestablished I want to send all the cached records to the remote DB.
I want the cache file to exist in a protected part of the file system.
It should be owned by root or some other user. It should not be
generally accessible by the "public".
Since this is a shared object module I do not seem to control the
"setuid" nature of the instigating program like "su", or "ssh". I am
doing my development on a somewhat old Ubuntu machine. As it happens
"su" is installed as setuid-root and ssh is not setuid at all. So I
was wondering if PAM had some magic to handle this situation?
Right now I think that my best bet is to write my own setuid
executable and use "pam_exec".
all the best
More information about the Pam-list
mailing list