[Bug 789] pam_setcred() not being called as root

bugzilla-daemon at mindrot.org
Fri Jan 16 00:56:02 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=789





------- Additional Comments From egmont at uhulinux.hu  2004-01-16 00:56 -------
If you want to assign 5 to the variable x, you write "x=5" instead of
"if (x!=5) x=5".
If you want to remove a file, you write "rm file" and let it perhaps return an
error, instead of writing "if this file is removable; then rm file; fi".

My point is that you cannot expect every PAM module to first check whether the
thing it would like to do would actually have any effect, and then only do it
if it would. I perfectly agree with this PAM module: if it wants you to add
group memberships, then it adds them. If it fails to do so, it returns an error.
That's it. And I guess pam_group is just one module that happened to trigger
this behavior for me; most likely there are many other PAM modules like this.

AFAIK PAM is designed to run as root. Anything you want to do as a normal user
should go out of PAM into some .profile or similar. So calling a PAM function
as non-root is IMHO definitely an OpenSSH bug; PAM shouldn't expect and
work around this situation.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
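
The failure mode discussed in this comment, as an added example that is not part of the original message and is not OpenSSH or Linux-PAM code: a hypothetical `module_setcred()` calls `setgroups()` without probing first, and `setcred_result()` runs it in a child process either before or after a privilege drop. The function names, the uid/gid 65534 and the one-entry group list are assumptions made for the demo.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534   /* assumed "nobody" uid/gid, demo value only */

/* Hypothetical stand-in for a module's setcred step. Like the module in the
 * comment above, it does not check whether it is privileged: it sets the
 * supplementary groups and reports failure. Returns 0 or setgroups()'s errno. */
static int module_setcred(const gid_t *groups, size_t n)
{
    return setgroups(n, groups) == -1 ? errno : 0;
}

/* Run module_setcred() in a child so the caller's credentials are untouched.
 * drop_first != 0: privileges are dropped before the credential step (the
 * order the bug title describes). drop_first == 0: credential step first.
 * Returns the module's result, or -1 if the child could not be set up. */
int setcred_result(int drop_first)
{
    gid_t groups[] = { UNPRIV_ID };   /* constructed sample group list */
    int status;
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* Only root can drop; a non-root caller is already unprivileged.
         * gid is changed before uid, while the process may still do so. */
        if (drop_first && geteuid() == 0 &&
            (setgid(UNPRIV_ID) == -1 || setuid(UNPRIV_ID) == -1))
            _exit(255);
        _exit(module_setcred(groups, 1));
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("setcred before drop: %d\n", setcred_result(0));
    printf("setcred after drop:  %d (EPERM is %d)\n", setcred_result(1), EPERM);
    return 0;
}
```

Started as root on a typical Linux system, the first call returns 0 and the second returns EPERM; started as an ordinary user, both return EPERM because the credential step never had the privilege it needs.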



