[Bug 789] pam_setcred() not being called as root

Dag-Erling Smørgrav des at des.no
Mon Jan 26 00:19:19 EST 2004

bugzilla-daemon at mindrot.org writes:
> I can't find any reference to PAM modules being guaranteed to run as root in
> either the Open Group PAM RFC [1] or the Linux PAM documentation [2], so an
> alternative viewpoint could be that pam_group is making unwarranted assumptions
> about its environment, doing unnecessary things and failing because of it :-)

There is an underlying assumption in PAM that it runs with arbitrator
privileges.  In Unix and Unix-like systems, this means root.  It makes
no sense to call pam_setcred() when you do not have the authority to
grant said credentials.

Dag-Erling Smørgrav - des at des.no

More information about the openssh-unix-dev mailing list