[Pkg-shadow-devel] {user,group}{add,mod,del} now PAMified

Nicolas François nicolas.francois at centraliens.net
Mon Nov 7 23:15:41 UTC 2005


Hi Steve,

On Mon, Nov 07, 2005 at 05:37:05AM -0800, vorlon at debian.org wrote:
> On Mon, Nov 07, 2005 at 01:21:43AM +0100, Nicolas François wrote:
> 
> > This is related to the discussion on #shadow.
> > (I've read the backlog of last Friday).
> 
> > Here are some reasons I can see for the PAMification of
> > {user,group}{add,mod,del} (and also others: chage chfn chsh newusers).
> 
> I have no objections to the use of PAM for chage/chfn/chsh; these are all
> sgid/suid applications which provide services to non-privileged users, so it
> is *expected* that PAM would be used for these services on Debian.
> 
> The question is {user,group}{add,mod,del} only, which are not suid-root and
> should not be.

You're right regarding these utilities.
A user who can write to the password and group files can use these tools.
Other users will be rejected anyway, and don't need to be authenticated.

Tomasz, do you think we will miss something if we do not build the
{user,group}{add,mod,del} tools with PAM support?
Do you install these tools suid on PLD?

Best Regards,
-- 
Nekral


