Re: pam_sm_close_session doesn't run without privilege seperation
From: Darren Tucker (dtucker_at_zip.com.au)
Date: Sat, 04 Sep 2004 14:21:52 +1000 To: Chris Jensen <firstname.lastname@example.org>
Chris Jensen wrote:
> I've got pam_mount set up mostly with openssh. Except for one catch,
> it'll mount fine, the pam_sm_open_session function gets called (as
> root) at session start and it mounts the directory I want.
> But when I exit the session, pam_sm_close_session gets called, but it
> only runs as the user that was logged in, so it doesn't have
> permission to unmount the directory.
Someone mentioned that (again, apparently, I missed the first message) a
couple of days ago. I have opened a bug (with patch):
Could you please try the patch and let me know if it resolves the
problem? (Privately or to the bug, please, unless there's additional
info that might be of interest to secureshell@ readers).
I need to think a bit more about the !privsep case, though.
-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.