0.73: please submit patches for this section with actual code/doc
patches!
+* add change_uid option to pam_limits, and set real uid only if
+ this option is present (Bug 124062 - baggins)
* pam_limits - set real uid to the user for who we set limits.
(Bug 123972 - baggins)
* removed static variables from pam_limits (thread safe now). (Bug
<item><tt>conf=/path/to/file.conf</tt> -
indicate an alternative <em/limits/ configuration file to the default.
+<item><tt/change_uid/ -
+change real uid to the user for who the limits are set up. Use this
+option if you have problems like login not forking a shell for user
+who has no processes. Be warned that something else may break when
+you do this.
+
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
conf=/path/to/file the limits configuration file if different from the
one set at compile time.
+ change_uid change real uid to the user for who the limits
+ are set up. Use this option if you have problems
+ like login not forking a shell for user who has
+ no processes. Be warned that something else
+ may break when you do this.
+
MODULE SERVICES PROVIDED:
session _open_session and _close_session (blank)
/* argument parsing */
#define PAM_DEBUG_ARG 0x0001
+#define PAM_DO_SETREUID 0x0002
static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl)
{
ctrl |= PAM_DEBUG_ARG;
else if (!strncmp(*argv,"conf=",5))
strcpy(pl->conf_file,*argv+5);
+ else if (!strncmp(*argv,"change_uid",10))
+ ctrl |= PAM_DO_SETREUID;
else {
_pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv);
}
_pam_log(LOG_WARNING, "error parsing the configuration file");
return PAM_IGNORE;
}
-
- setreuid(pwd->pw_uid, -1);
+
+ if (ctrl & PAM_DO_SETREUID)
+ setreuid(pwd->pw_uid, -1);
retval = setup_limits(pwd->pw_name, ctrl, &pl);
if (retval & LOGIN_ERR) {
printf("\nToo many logins for '%s'\n",pwd->pw_name);
projects / linux-pam / commitdiff