Re: Linux UID/GID 'Feature'

Andrew G. Morgan (morgan@PARC.POWER.NET)
Sun, 11 May 1997 19:33:52 -0700

Jon Lewis wrote:
> This looks like Red Hat PAM breakage. I verified it works (gives root) on
> my Red Hat 4.1 box, but it does not on any of my Slackware based boxes
> that are shadow upgraded.

As has been pointed out, it is actually a libc problem. The pam_unix_....so
modules use libc, so these modules will exhibit this unfortunate behavior.
Admins should beware that if libc has a hand in the process of changing a
user's password the corresponding UID entry in /etc/passwd will be
explicitly reset to 0.

Fortunately, pam_pwdb (a plug-in replacement for pam_unix_..), which does
not use libc for any authentication-related actions, does not suffer from
this problem. So Linux-PAM based systems can be made resistant to this
"administrative problem" by putting pam_pwdb in all the places that their
pam configuration refers to pam_unix_...

PS. I'd really like to hear from anyone that _can_ break Linux-PAM in any
way... [Use the "source" (Luke ;^)]

Cheers

Andrew

--
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
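
Added example, not part of the original message or of Linux-PAM: a small audit for the mitigation described above. It lists PAM configuration lines that still reference a pam_unix_* module (candidates for replacement with pam_pwdb) and non-root accounts whose UID field in /etc/passwd is 0. The sample configuration, the sample passwd contents and the function names are constructed for illustration.

```python
import os

# Constructed sample data for illustration; not taken from any real system.
SAMPLE_PAM_CONF = """\
# service  type      control   module-path
login      auth      required  /lib/security/pam_unix_auth.so
passwd     password  required  /lib/security/pam_unix_passwd.so
su         auth      required  /lib/security/pam_pwdb.so
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:0:100:Alice:/home/alice:/bin/bash
bob:x:501:100:Bob:/home/bob:/bin/bash
"""

def pam_unix_refs(text, source="pam.conf"):
    """Return (source, line_no, module) for each pam_unix_* module referenced.

    Works for both /etc/pam.conf and /etc/pam.d/* layouts because it looks
    at every whitespace-separated token instead of a fixed column.
    """
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop comments
        for tok in line.split():
            base = os.path.basename(tok)
            if base.startswith("pam_unix_") and base.endswith(".so"):
                hits.append((source, no, base))
    return hits

def unexpected_uid0(passwd_text):
    """Return account names other than root whose UID field is 0."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or fields[0] == "root":
            continue
        uid = fields[2].strip()
        if uid.isdigit() and int(uid) == 0:
            names.append(fields[0])
    return names

if __name__ == "__main__":
    for src, no, mod in pam_unix_refs(SAMPLE_PAM_CONF):
        print(f"{src}:{no}: {mod} -> candidate for pam_pwdb")
    for name in unexpected_uid0(SAMPLE_PASSWD):
        print(f"passwd: non-root account with UID 0: {name}")
```

To run it against a real system, pass the contents of /etc/pam.conf or each file under /etc/pam.d, and of /etc/passwd, in place of the sample strings.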