pam_sm_close_session doesn't run without privilege seperation
From: Chris Jensen (cjensen_at_gmail.com)
Date: Fri, 3 Sep 2004 06:42:10 +0000 To: firstname.lastname@example.org
I've got pam_mount set up mostly with openssh. Except for one catch,
it'll mount fine, the pam_sm_open_session function gets called (as
root) at session start and it mounts the directory I want.
But when I exit the session, pam_sm_close_session gets called, but it
only runs as the user that was logged in, so it doesn't have
permission to unmount the directory.
So to alleviate this, I set UsePrivilegeSeperation No in the
sshd_config, and now pam_sm_close_session doesn't get called at all
I've got debugging on in pam_mount, so with privilege seperation, I see
sshd: pam_mount: received order to close things
in the log (followed by about 20 or so more verbose debugs from pam_mount)
But without privilege seperation, I get nothing.
Is this a known problem? Surely this must be a bug with openssh?
I'm running OpenSSH_3.9p1 and pam_mount 0.9.20