From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: Place to call pam_loginuid in the pam session stack
Date: Tue, 22 Apr 2014 14:59:46 -0400
Message-ID: <3716388.pv1iY2ROQ0@x2>
In-Reply-To: <20140422193044.1778e7b5@fornost.bigon.be>

On Tuesday, April 22, 2014 07:30:44 PM Laurent Bigonville wrote:
> Hello,
> 
> This is maybe a dumb question, but is there any preferred place in the
> pam session stack to call pam_loginuid?
> 
> Is it preferable to call it just after "pam_selinux close" or is any
> place OK? I guess the sooner the better so the needed information is
> present to audit what the other pam modules are doing?

I think that as long as it's set before a user can cause any action to occur on
their behalf, that is all that is required. If there is a pam module that looks in a
user's home directory for settings and then does something based on that, then
you'd need to set it before that module.

-Steve
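
Added example, not part of the original message or of any project's code: a small checker for the ordering rule described above, which reports session modules that may act on per-user settings when they run before pam_loginuid. The `USER_DRIVEN` list and both sample stacks are assumptions constructed for illustration, and `include`/`substack` targets are not followed.

```python
import re

# Assumption for illustration: session modules that may act on per-user data.
# A value of None means "always"; otherwise the module is only flagged when
# that argument is present (pam_env reads ~/.pam_environment with user_readenv=1).
USER_DRIVEN = {"pam_mount.so": None, "pam_env.so": "user_readenv=1"}

# type, control (plain word or [bracketed list]), module path, arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def session_modules(text):
    """Yield (lineno, module, args) for each 'session' entry, in stack order."""
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "session":
            yield n, m.group(3).rsplit("/", 1)[-1], m.group(4).split()

def check_loginuid_order(text, user_driven=USER_DRIVEN):
    """Return findings: pam_loginuid missing, or user-driven modules before it."""
    findings, seen = [], False
    for n, mod, args in session_modules(text):
        if mod == "pam_loginuid.so":
            seen = True
        elif mod in user_driven and not seen:
            need = user_driven[mod]
            if need is None or need in args:
                findings.append(f"line {n}: {mod} runs before pam_loginuid")
    if not seen:
        findings.insert(0, "pam_loginuid.so not in session stack")
    return findings

# Constructed sample stacks (not taken from any real system).
BAD = """\
# sshd-like session stack, loginuid set too late
session [success=ok default=bad] pam_selinux.so close
session required pam_env.so user_readenv=1
session required pam_loginuid.so
"""
GOOD = """\
session [success=ok default=bad] pam_selinux.so close
session required pam_loginuid.so
session required pam_env.so user_readenv=1
"""

if __name__ == "__main__":
    for name, stack in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_loginuid_order(stack) or "ok")
```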
