[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Setting loginuid

To: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Subject: Re: Setting loginuid
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Tue, 15 Feb 2005 11:31:23 -0500
Cc: Steve G <linux_4ever@xxxxxxxxx>, selinux@xxxxxxxxxxxxx
In-reply-to: <20050215162704.15893.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
Organization: National Security Agency
References: <20050215162704.15893.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Tue, 2005-02-15 at 11:27, Casey Schaufler wrote:
> Some programs that use PAM, including su, are
> not login sessions and hence must not set the
> loginuid.

That can be handled by not including the pam_audit or pam_loginuid
(whatever it is called) module in the pam configuration for su (i.e.
/etc/pam.d/su).  It doesn't necessarily requiring patching the
individual programs; it just means that you have to insert individual
pam_audit entries in desired program-specific pam configuration files
rather than just putting it in the generic system-auth one.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: Setting loginuid
  - From: Casey Schaufler

References:
- Re: Setting loginuid
  - From: Casey Schaufler

Prev by Date: Re: Setting loginuid
Next by Date: Re: Determining if SELinux is installed
Previous by thread: Re: Setting loginuid
Next by thread: Re: Setting loginuid
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.