SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
And... I didn't work. The idea here was that all my new files would be created rw-rw----, directories drw-rw---- and I'd set something more specific if needed be.
Why try to set the umask with pam? Why not simply set the umask with a login script below /etc/profile.d or in your home directory? Another option would be to edit the umask setting in /etc/profile or whatever file your shell is using.
Perhaps try a test without the 'pam_succeed_if' line. Usually "succeed" means if you pass the test, your authentication is deemed as "succeeded" and pam exits the stack, without running further lines. You could also try removing the "quiet" and adding "debug" temporarily to get a little more verbose logging in /var/log/secure. Might find something helpful there as to how pam is handling things.
However, the default umask gets set in the /etc/profile script and would be easier to change there, no?
Last edited by 0XBF; 03-31-2024 at 07:57 PM.
Reason: grammar
I have other Linux distros installed in different disks in another system. Sometimes I take things that I like from them and try them in Slackware. If I like them, I'll keep them.
Did you disable setting the umask via /etc/profile then? (And any other login scripts).
I would imagine that any changes made to the umask at the pam stage would be overrode later once bash starts up and sources its profile scripts. That article you linked may call profile scripts obsolete, but they are still used and sourced on Slackware.
Adding 'debug' to those lines would show in the logs what pam is doing. My guess would be bash is still changing umask back to system default via /etc/profile though.
Perhaps try a test without the 'pam_succeed_if' line. Usually "succeed" means if you pass the test, your authentication is deemed as "succeeded" and pam exits the stack, without running further lines.
I think you're thinking of "sufficient" there.
Anyway, the pam lines look reasonable, so I share your guess that it's being set and subsequently overwritten by the profile or Xsession files.
PAM is a Pluggable Authentication Module system. Pam is not the place where you should decide to make file system ownership or permission changes, that is not what it is for.
You could script this and call it on boot from almost any flavor of CRON system, or form the logon start scripts. That would make better sense. (Depending upon WHY you want this, of course.)
Anyway, the pam lines look reasonable, so I share your guess that it's being set and subsequently overwritten by the profile or Xsession files.
Indeed I was. A while back I had a pam_succeed_if module paired with "sufficient" on another machine where I was trying to run a root account outside of elogind. In OP's case I don't think that is the problem because of the "[default=1 success=ignore]" condition. A debug log should show pam setting umask, which would then point us to look elsewhere like profile scripts.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.