Bug#677440: Please enable pam_loginuid by default
Le Fri, 17 May 2013 16:30:33 +0100,
Colin Watson <cjwatson@debian.org> a écrit :
> I'm concerned about some of the side-effects of moving common-session
> the way your patch does. For instance, one likely effect I see is
> that if you're using ecryptfs and you have a mailbox in your home
> directory (thus presumably updated by something inside your session)
> then pam_mail will no longer work properly. (Yes, in the standard
> configuration pam_mail will only be looking in /var/mail/, but it's
> easily conceivable that somebody might have added a dir= parameter
> locally.) The ordering here is pretty delicate, and I'd need a
> better reason for moving it than "other PAM services are doing this".
>
> Wouldn't it be safer to insert pam_loginuid above common-session, but
> otherwise leave it where it is?
That would indeed be also correct (as long as pam_loginuid is before
the include of common-session, if pam_systemd is present in
common-session it should be called after pam_loginuid).
Cheers
Laurent Bigonville
Reply to: