On Thu, Jul 04, 2002 at 09:57:51PM -0700, Paul Johnson wrote:
| Why is it programs running as a user who's a member of the shadow group
| can't authenticate using PAM,
man setgroups
Some programs (eg zope) don't use setgroups(), and thus they don't
pick up all the supplementary groups of their user.
| but setting the group of /etc/shadow to
| the user the process is running under can?
Programs always are themself; you circle around the supplementary
groups problem.
| And what is causing
| ownership of /etc/shadow to reset periodically?
I don't know.
I suspect that you are asking this in relation to exim+auth+pam. I
haven't check exim specifically, but my guess is that it does not use
setgroups() when it drops privileges to the mail:mail user. You can
check the source, and even patch it yourself. I doubt Philip would
accept a patch for exim3, but for exim4 you can ask him :-).
-D
--
Through love and faithfulness sin is atoned for;
through the fear of the Lord a man avoids evil.
Proverbs 16:6
http://dman.ddts.net/~dman/
Attachment:
pgpsVxNONPlaI.pgp
Description: PGP signature