pam_sm_close_session doesn't run without privilege separation

From: Chris Jensen (cjensen_at_gmail.com)
Date: 09/03/04

    Date: Fri, 3 Sep 2004 06:42:10 +0000
    To: secureshell@securityfocus.com
    
    

    Hi,
    I've got pam_mount set up mostly with openssh. Except for one catch,
    it'll mount fine, the pam_sm_open_session function gets called (as
    root) at session start and it mounts the directory I want.

    But when I exit the session, pam_sm_close_session gets called, but it
    only runs as the user that was logged in, so it doesn't have
    permission to unmount the directory.

    So to alleviate this, I set UsePrivilegeSeparation No in the
    sshd_config, and now pam_sm_close_session doesn't get called at all.

    I've got debugging on in pam_mount, so with privilege separation, I see
    sshd[14609]: pam_mount: received order to close things
    in the log (followed by about 20 or so more verbose debugs from pam_mount).
    But without privilege separation, I get nothing.

    Is this a known problem? Surely this must be a bug with openssh?
    I'm running OpenSSH_3.9p1 and pam_mount 0.9.20

