[Pkg-shadow-devel] Re: {user,group}{add,mod,del} now PAMified

Alexander Gattin xrgtn at yandex.ru
Wed Nov 9 19:42:41 UTC 2005


Hi!

On Wed, Nov 09, 2005 at 02:18:08AM -0800, Steve Langasek wrote:
> I understand how it *could* be used; I'm just not convinced that it's
> generally worthwhile, or that it's worth the extra complexity.

I see your point. I think I could propose more
arguments but with the same trend anyway. Basically we
should reach some agreement within the shadow team to
make a decision.

> > Also, PAM could be used for mounting files R/W then
> > remounting R/O back after session terminates...
> 
> So could a shell wrapper in /usr/local/sbin, though...?

Yes, a similar wrapper could sync NIS after each change
to unix account databases. But e.g. adduser does (well,
tries to do ;)) this by itself...

> If there's no actual need for authentication/authorization
> functionality,

Why not?

Let's consider /usr/bin/passwd. This tool authenticates
ordinary users by e.g. asking for a password while it
"authenticates" root just by uid. Why? Because
authentication of root is considered pointless, for
a user with uid==0 already has all possible privileges
(so he can just edit /etc/shadow or /etc/pam.d/passwd
by hand, replace /usr/bin/passwd or otherwise achieve
the _same goal_).

This assumption is no longer true with role-based
security systems like grsec. Different programs run by
root can have different privileges. For example, root
running /usr/bin/vi can have fewer privileges WRT
/etc/shadow than root running /usr/bin/passwd.

> I don't think it makes sense to use PAM
> just on the theory that people *could* write PAM
> modules to extend functionality.

Actually, apt mentions this "remount,rw" trick using
Pre-Invoke and Post-Invoke scripts. It's quite common.

-- 
WBR,
xrgtn
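
The wrapper alternative raised in this message (remount read-write, run the account tool, remount read-only), written out as an added example that is not part of the original mail or of shadow. The function name with_rw and the MOUNT_CMD variable are assumptions made for the example; MOUNT_CMD exists so the mount call can be replaced by a stub.

```shell
#!/bin/sh
# Added illustration, not code from the thread or from the shadow package.
# with_rw and MOUNT_CMD are names assumed for this example.

MOUNT_CMD=${MOUNT_CMD:-mount}

# with_rw MOUNTPOINT COMMAND [ARGS...]
# Remount MOUNTPOINT read-write, run COMMAND, then remount it read-only
# whether COMMAND succeeded or not. Returns COMMAND's exit status, or 1
# if a remount failed and COMMAND itself did not fail.
with_rw() {
    [ "$#" -ge 2 ] || {
        echo "usage: with_rw MOUNTPOINT COMMAND [ARGS...]" >&2
        return 2
    }
    mnt=$1
    shift

    # If the filesystem cannot be made writable, do not run the tool at all.
    "$MOUNT_CMD" -o remount,rw "$mnt" || return 1

    # Run the account tool and keep its status so a failure is still reported.
    "$@"
    status=$?

    # Going back to read-only happens on success and on failure alike.
    if ! "$MOUNT_CMD" -o remount,ro "$mnt"; then
        echo "with_rw: $mnt is still mounted read-write" >&2
        [ "$status" -ne 0 ] || status=1
    fi
    return "$status"
}
```

The function does not install signal handlers, so an interrupted run can leave the filesystem read-write.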


