Re: how should a daemon drop privileges in a PAM-compatible way?
On Tue, Nov 20, 2007 at 12:07:10PM -0500, Eric Cooper wrote:
> I wrote a daemon that is started from an init-script as root, and then
> uses setuid and setgid to drop to a less-privileged system user and
> group.
> A user discovered that the program breaks when he uses the
> libpam-tmpdir module, because TMPDIR doesn't get changed to the
> /tmp/user/NNN directory, so the daemon tries, unsuccessfully, to
> create files in /tmp.
> What is the correct way to handle this?
TMPDIR is an environment variable; PAM modules are not allowed to touch env
vars directly. You need to call pam_getenvlist() after pam_open_session()
and iterate through the provided values, pushing them to the process
environment for the per-user session process.
> I'm not very familiar with PAM, but I presume there might be other PAM
> modules out there that would cause similar breakage; I don't want my
> program to have to know about them all.
Yes, such as pam_env and pam_krb5.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
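
The sequence described in the reply above, as an added example (not code from the thread or from the daemon being discussed): open the session while still root, push every pam_getenvlist() entry into the environment, then drop privileges. The function names, the `WITH_PAM` build flag and the `svc` service name are assumptions; the PAM half is compiled only when that flag is set and libpam's headers are installed.

```c
#define _DEFAULT_SOURCE            /* setenv(), initgroups() on glibc */
#include <stdlib.h>
#include <string.h>

/* Import a NULL-terminated list of "NAME=VALUE" strings, the form
 * pam_getenvlist() returns, into the process environment. libpam never
 * frees that list, so the entries and the array are freed here.
 * Returns the number of variables set, or -1 if any setenv() failed. */
int import_pam_env(char **envlist)
{
    int count = 0, failed = 0;
    if (envlist == NULL)
        return 0;
    for (char **e = envlist; *e != NULL; e++) {
        char *eq = strchr(*e, '=');
        if (eq != NULL && eq != *e) {   /* skip entries with no name */
            *eq = '\0';
            if (setenv(*e, eq + 1, 1) == 0)
                count++;
            else
                failed = 1;
        }
        free(*e);
    }
    free(envlist);
    return failed ? -1 : count;
}

#ifdef WITH_PAM   /* assumed build flag: cc -DWITH_PAM ... -lpam */
#include <security/pam_appl.h>
#include <grp.h>
#include <unistd.h>
static int no_conv(int n, const struct pam_message **m,
                   struct pam_response **r, void *p)
{ (void)n; (void)m; (void)r; (void)p; return PAM_CONV_ERR; }

/* Open a session as root, import its environment, then drop privileges.
 * svc is the daemon's own PAM service name (hypothetical). */
int session_then_drop(const char *svc, const char *user, uid_t uid, gid_t gid)
{
    struct pam_conv conv = { no_conv, NULL };
    pam_handle_t *pamh = NULL;
    if (pam_start(svc, user, &conv, &pamh) != PAM_SUCCESS) return -1;
    int rc = pam_open_session(pamh, 0);
    if (rc != PAM_SUCCESS) { pam_end(pamh, rc); return -1; }
    if (import_pam_env(pam_getenvlist(pamh)) < 0) return -1;
    if (initgroups(user, gid) || setgid(gid) || setuid(uid)) return -1;
    return 0;  /* a long-lived daemon keeps pamh for pam_close_session() */
}
#endif
```

Because the import is generic, variables set by any session module (TMPDIR from libpam-tmpdir, or whatever pam_env and pam_krb5 export) arrive without the daemon knowing about the module.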