[systemd-devel] pam: Don't use loginuid [was: Re: Fix PAM module to not clobber XDG_RUNTIME_DIR with su]

Martin Pitt martin.pitt at ubuntu.com
Mon Nov 25 22:19:11 PST 2013


Hey Lennart,

Lennart Poettering [2013-11-26  5:12 +0100]:
> I implemented this now, using a different approach than Martin's
> original patch (i.e. I don't think it is a good idea to involve stat()
> here, instead let's just let logind pass all information to
> pam_systemd).

Thanks!

Lennart Poettering [2013-11-26  5:17 +0100]:
> That can't work. As the directory only exists when a real login session
> is around. su/sudo don't get their own login sessions, hence the dir
> doesn't necessarily exist and from the perspective of the code running
> in su/sudo the lifetime semantics of the dir wouldn't match any
> expectations...

Right, as long as they don't actually get one. I (and I think Colin)
argued that "su -"/"pkexec" should (just like ssh localhost), as they
run a full PAM stack which is like logging in. But let's agree to
disagree at this point.

I'm happy that the "not your own runtime dir" issue is fixed now at
least.

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

