How do I set file permissions using PAM?
Hello:
I'm using Slackware 15.0 stable, and I'm trying to set my file's permissions using PAM. I want something like this:
foo.file: rw-rw----
because all my files belong to my own personal group. I've edited /etc/pam.d/system.auth, adding this at the end:
Code:
session [default=1 success=ignore] pam_succeed_if.so quiet uid eq 1000
Can anyone help, please?
Maybe try 0006? I don't use PAM for this, but mine is 0066 for rw-------.
Why try to set the umask with pam? Why not simply set the umask with a login script below /etc/profile.d or in your home directory? Another option would be to edit the umask setting in /etc/profile or whatever file your shell is using.
regards Henrik
Perhaps try a test without the 'pam_succeed_if' line. Usually "succeed" means if you pass the test, your authentication is deemed as "succeeded" and pam exits the stack, without running further lines. You could also try removing the "quiet" and adding "debug" temporarily to get a little more verbose logging in /var/log/secure. Might find something helpful there as to how pam is handling things.
However, the default umask gets set in the /etc/profile script and would be easier to change there, no?
Hello:
I have other Linux distros installed on different disks in another system. Sometimes I take things that I like from them and try them in Slackware. If I like them, I'll keep them. This experiment came from openSUSE: https://en.opensuse.org/SDB:Set_UMASK
I know that there are other ways to change my umask: /etc/profile, files in /etc/profile.d, .bashrc, etc. I wanted to get more familiar with PAM. Also, I wanted to put it to practical use (now that it is included in Slackware). I've had a first fast read of some of PAM's man pages, but some man pages are written more clearly than others. I figured /etc/pam.d/system.auth would be the correct file to edit; I'm aware that this file could be overwritten in an update.
Anyway, I'm still open to suggestions. Greetings to all of you.
Did you disable setting the umask via /etc/profile then? (And any other login scripts).
I would imagine that any changes made to the umask at the PAM stage would be overridden later once bash starts up and sources its profile scripts. That article you linked may call profile scripts obsolete, but they are still used and sourced on Slackware. Adding 'debug' to those lines would show in the logs what PAM is doing. My guess would be bash is still changing umask back to system default via /etc/profile though.
Anyway, the pam lines look reasonable, so I share your guess that it's being set and subsequently overwritten by the profile or Xsession files.
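One way to test the guess in the replies above, that a umask set in the PAM session stack is reset by shell start-up files sourced afterwards. This is an added example, not code from the thread; the function names and the sample files are assumptions, and it only recognises plain octal `umask NNN` commands.

```sh
#!/bin/sh
# Permission bits a new regular file gets under a umask: 0666 & ~umask.
file_mode_for_umask() {
    printf '%03o\n' $(( 0666 & ~0$1 & 0777 ))
}

# Print "file:line:value" for each active octal umask command in the given
# shell start-up files; comments are ignored, unreadable files are skipped.
find_umask_lines() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '
            /^[ \t]*#/ { next }
            {
                sub(/[ \t]#.*/, ""); gsub(/;/, " ; ")
                for (i = 1; i < NF; i++)
                    if ($i == "umask" && $(i + 1) ~ /^[0-7]+$/)
                        print f ":" NR ":" $(i + 1)
            }' "$f"
    done
}

# $1 = umask requested in the PAM session stack; remaining arguments = start-up
# files in the order the shell sources them. The last umask command wins.
check_pam_umask() {
    pam_value=$1; shift
    last=$(find_umask_lines "$@" | tail -n 1)
    if [ -z "$last" ]; then
        echo "kept: umask $pam_value -> new files $(file_mode_for_umask "$pam_value")"
        return 0
    fi
    echo "reset at ${last%:*}: umask ${last##*:} -> new files $(file_mode_for_umask "${last##*:}")"
    return 1
}

# Constructed sample files (not real Slackware content) for a dry run.
demo_dir=$(mktemp -d)
printf '%s\n' '# system default' 'umask 022' > "$demo_dir/profile"
printf '%s\n' '# umask 077' 'export EDITOR=vi' > "$demo_dir/local.sh"
check_pam_umask 0006 "$demo_dir/profile" "$demo_dir/local.sh" || true
```

On a real system, pass /etc/profile, the files in /etc/profile.d and the user's own .bashrc in place of the sample files.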
PAM is a Pluggable Authentication Module system. PAM is not the place where you should decide to make file system ownership or permission changes; that is not what it is for.
You could script this and call it on boot from almost any flavor of CRON system, or from the logon start scripts. That would make better sense. (Depending upon WHY you want this, of course.)