pam modules and setuid actions
Seven Reeds
seven.reeds at gmail.com
Tue Mar 12 18:14:34 UTC 2013
Hi,

I am very close to finishing a pam module that will log specific user
session activities to a database. There could be situations though in
which the primary, remote DB is unavailable so I want to create a
local "cache" of loggable events. Once remote DB access is regained I
will upload the cache records and be very happy. There is an issue
though.

I want the cache to live in protected space. I would like to open the
cache as "root" or some other dedicated user. I do not want the
general public to inspect or edit the cache. I have just tried
wrapping the cache "open" in setuid calls but that has not worked. I
am using "su" as my testing tool but even though the "su" executable
is setuid by default the open section fails.

Is there a general PAM related solution to this?

thanks
Seven
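
Added example, not part of the original post and not Linux-PAM code: one way a module could open the local cache the post describes so that only the opening identity can read or write it. The helper name `open_private_cache` and the cache path are hypothetical; on failure the helper returns the negated errno, and the stand-alone `main` prints the real and effective uid the open ran under.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the post): open an event cache for appending
 * so that only its owner can read or write it. Returns an fd, or -errno. */
int open_private_cache(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink at the final path component; O_CLOEXEC
     * keeps the descriptor out of programs exec'd later by the host
     * application. Mode 0600 applies only if the file is created here. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC,
                  0600);
    if (fd < 0)
        return -errno; /* e.g. -EACCES if the effective uid lacks access */

    /* Inspect the opened object itself rather than re-checking the path.
     * Any failed check is reported as -EPERM. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||               /* regular file only */
        st.st_uid != geteuid() ||             /* owned by the opening identity */
        (st.st_mode & (S_IRWXG | S_IRWXO))) { /* no group or other access */
        close(fd);
        return -EPERM;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s CACHE_PATH\n", argv[0]);
        return 2;
    }
    int fd = open_private_cache(argv[1]);
    if (fd < 0) { /* report the identity the open actually ran under */
        fprintf(stderr, "refused %s: %s (uid=%d euid=%d)\n", argv[1],
                strerror(-fd), (int)getuid(), (int)geteuid());
        return 1;
    }
    close(fd);
    return 0;
}
```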