On Thu, Jul 04, 2002 at 09:57:51PM -0700, Paul Johnson wrote: | Why is it programs running as a user who's a member of the shadow group | can't authenticate using PAM, man setgroups Some programs (eg zope) don't use setgroups(), and thus they don't pick up all the supplementary groups of their user. | but setting the group of /etc/shadow to | the user the process is running under can? Programs always are themself; you circle around the supplementary groups problem. | And what is causing | ownership of /etc/shadow to reset periodically? I don't know. I suspect that you are asking this in relation to exim+auth+pam. I haven't check exim specifically, but my guess is that it does not use setgroups() when it drops privileges to the mail:mail user. You can check the source, and even patch it yourself. I doubt Philip would accept a patch for exim3, but for exim4 you can ask him :-). -D -- Through love and faithfulness sin is atoned for; through the fear of the Lord a man avoids evil. Proverbs 16:6 http://dman.ddts.net/~dman/
Attachment:
pgpsVxNONPlaI.pgp
Description: PGP signature