On Tue, Nov 20, 2007 at 12:07:10PM -0500, Eric Cooper wrote:
> I wrote a daemon that is started from an init-script as root, and then
> uses setuid and setgid to drop to a less-privileged system user and
> group.
> A user discovered that the program breaks when he uses the
> libpam-tmpdir module, because TMPDIR doesn't get changed to the
> /tmp/user/NNN directory, so the daemon tries, unsuccessfully, to
> create files in /tmp.

> What is the correct way to handle this?

TMPDIR is an environment variable; PAM modules are not allowed to touch env
vars directly, you need to call pam_getenvlist() after pam_open_session()
and iterate through the provided values, pushing them to the process
environment for the per-user session process.

> I'm not very familiar with PAM, but I presume there might be other PAM
> modules out there that would cause similar breakage; I don't want my
> program to have to know about them all.

Yes, such as pam_env and pam_krb5.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
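The sequence described in the reply above, as an added example that is not part of the original message or of the daemon in question: `apply_envlist()` imports the list that `pam_getenvlist()` returns, and `open_session_env()` opens the session first. The function names, the `USE_LIBPAM` build macro and the sample list in `main()` are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Import a pam_getenvlist()-style list: a malloc'ed, NULL-terminated array of
 * malloc'ed "NAME=value" strings owned by the caller. Frees the list. Returns
 * the number of variables set, or -1 if the list is NULL or setenv() failed. */
int apply_envlist(char **envlist)
{
    int count = 0;
    if (envlist == NULL) return -1;
    for (char **e = envlist; *e != NULL; e++) {
        char *eq = strchr(*e, '=');
        if (eq != NULL && eq != *e && count >= 0) {   /* skip malformed entries */
            *eq = '\0';
            count = (setenv(*e, eq + 1, 1) == 0) ? count + 1 : -1;
        }
        free(*e);
    }
    free(envlist);
    return count;
}

#ifdef USE_LIBPAM   /* example-only macro: build with -DUSE_LIBPAM -lpam */
#include <security/pam_appl.h>
static int no_conv(int n, const struct pam_message **m, struct pam_response **r, void *d)
{
    (void)n; (void)m; (void)r; (void)d;
    return PAM_CONV_ERR;              /* a daemon has nobody to prompt */
}
/* Call as root before setgid()/setuid(); keep *pamh for pam_close_session()/pam_end(). */
int open_session_env(const char *service, const char *user, pam_handle_t **pamh)
{
    static const struct pam_conv conv = { no_conv, NULL };
    int rc = pam_start(service, user, &conv, pamh);
    if (rc == PAM_SUCCESS && (rc = pam_open_session(*pamh, 0)) != PAM_SUCCESS)
        pam_end(*pamh, rc);
    return rc == PAM_SUCCESS ? apply_envlist(pam_getenvlist(*pamh)) : -1;
}
#endif

int main(void)
{
    char **l = calloc(3, sizeof *l);  /* constructed sample list */
    if (l == NULL) return 1;
    l[0] = strdup("TMPDIR=/tmp/user/1000");
    l[1] = strdup("malformed");
    return apply_envlist(l) == 1 ? 0 : 1;
}
```

Because the daemon imports whatever the session modules exported, it needs no per-module knowledge: pam_tmpdir's TMPDIR and anything set by pam_env or pam_krb5 arrive through the same list.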