
Re: how should a daemon drop privileges in a PAM-compatible way?

On Tue, Nov 20, 2007 at 12:07:10PM -0500, Eric Cooper wrote:
> I wrote a daemon that is started from an init-script as root, and then
> uses setuid and setgid to drop to a less-privileged system user and
> group.

> A user discovered that the program breaks when he uses the
> libpam-tmpdir module, because TMPDIR doesn't get changed to the
> /tmp/user/NNN directory, so the daemon tries, unsuccessfully, to
> create files in /tmp.

> What is the correct way to handle this?

TMPDIR is an environment variable; PAM modules are not allowed to touch env
vars directly. You need to call pam_getenvlist() after pam_open_session()
and iterate through the provided values, pushing them to the process
environment for the per-user session process.

> I'm not very familiar with PAM, but I presume there might be other PAM
> modules out there that would cause similar breakage; I don't want my
> program to have to know about them all.

Yes, such as pam_env and pam_krb5.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
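The sequence Steve describes, as an added example that is not code from the thread: open the PAM session while the daemon is still root (session modules such as pam_tmpdir need that to create the per-user directory), pull the variables the modules exported with pam_getenvlist(), push them into the process environment, and only then drop to the service user. The service name "mydaemon" and user "daemon-user" are placeholders; the libpam calls are compiled only with -DHAVE_PAM, and without it the program runs the same merge logic over a constructed list shaped like what pam_getenvlist() returns.

```c
/* Added example (not from the original thread). Merge the environment
 * PAM session modules exported into the process environment, then drop
 * privileges. "mydaemon" / "daemon-user" are placeholders. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#ifdef HAVE_PAM
#include <security/pam_appl.h>
#endif

/* Push each "NAME=value" entry into the process environment.
 * pam_getenvlist() hands the caller ownership of the array and of every
 * string in it, so copy each value with setenv() and free the list.
 * Entries without "NAME=" are skipped. Returns the number applied, or -1. */
int apply_pam_env(char **envlist)
{
    int applied = 0;
    if (envlist == NULL)
        return -1;
    for (char **e = envlist; *e != NULL; e++) {
        char *eq = strchr(*e, '=');
        if (eq != NULL && eq != *e) {
            *eq = '\0';
            if (setenv(*e, eq + 1, 1) == 0)
                applied++;
        }
        free(*e);
    }
    free(envlist);
    return applied;
}

/* Drop from root to the target user. Order matters: supplementary groups
 * and gid first (they need root), uid last, then verify the drop stuck. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    if (initgroups(user, pw->pw_gid) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0)
        return -1;
    if (setuid(pw->pw_uid) != 0)
        return -1;
    /* If root is still recoverable, refuse to continue. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Constructed stand-in for pam_getenvlist() output after pam_tmpdir ran
 * for uid 1000 (malloc'd, NULL-terminated, like the real thing). */
char **sample_pam_envlist(void)
{
    const char *items[] = { "TMPDIR=/tmp/user/1000", "TMP=/tmp/user/1000" };
    size_t n = sizeof items / sizeof items[0];
    char **list = calloc(n + 1, sizeof *list);
    for (size_t i = 0; list != NULL && i < n; i++)
        list[i] = strdup(items[i]);
    return list;
}

#ifdef HAVE_PAM
/* A daemon has nobody to prompt, so any conversation request fails. */
static int null_conv(int n, const struct pam_message **msg,
                     struct pam_response **resp, void *data)
{
    (void)n; (void)msg; (void)resp; (void)data;
    return PAM_CONV_ERR;
}
#endif

int main(void)
{
    const char *user = "daemon-user";   /* placeholder service account */
#ifdef HAVE_PAM
    pam_handle_t *pamh = NULL;
    struct pam_conv conv = { null_conv, NULL };
    if (pam_start("mydaemon", user, &conv, &pamh) != PAM_SUCCESS)
        return 1;
    /* Still root here: session modules do their work in this call. */
    if (pam_open_session(pamh, 0) != PAM_SUCCESS) {
        pam_end(pamh, PAM_ABORT);
        return 1;
    }
    char **envlist = pam_getenvlist(pamh);
#else
    char **envlist = sample_pam_envlist();
#endif
    if (apply_pam_env(envlist) < 0)
        return 1;
    printf("TMPDIR for the session: %s\n",
           getenv("TMPDIR") ? getenv("TMPDIR") : "(unset)");
    if (drop_privileges(user) != 0) {
        perror("drop_privileges");
        return 1;
    }
    /* ... daemon work as the service user; at shutdown the session is
     * ended with pam_close_session() and pam_end() (omitted here). */
    return 0;
}
```

The point of the ordering is that pam_open_session() runs as root and pam_getenvlist() is consulted before setgid()/setuid(), so whatever pam_env, pam_tmpdir or pam_krb5 exported is already in the environment by the time the unprivileged code starts creating files.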
