Re: pam_sm_close_session doesn't run without privilege separation

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 09/04/04

    Date: Sat, 04 Sep 2004 14:21:52 +1000
    To: Chris Jensen <cjensen@gmail.com>
    
    

    Chris Jensen wrote:
    > I've got pam_mount set up mostly with openssh. Except for one catch,
    > it'll mount fine, the pam_sm_open_session function gets called (as
    > root) at session start and it mounts the directory I want.
    >
    > But when I exit the session, pam_sm_close_session gets called, but it
    > only runs as the user that was logged in, so it doesn't have
    > permission to unmount the directory.

    Someone mentioned that (again, apparently, I missed the first message) a
    couple of days ago. I have opened a bug (with patch):
    http://bugzilla.mindrot.org/show_bug.cgi?id=926

    Could you please try the patch and let me know if it resolves the
    problem? (Privately or to the bug, please, unless there's additional
    info that might be of interest to secureshell@ readers).

    I need to think a bit more about the !privsep case, though.

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
         Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
    
