Bugtraq mailing list archives
PAM applications running as root (Was Re: WebTrends Enterprise Reporting Server)
From: darren.moffat () SUNUK UK SUN COM (Darren Moffat)
Date: Thu, 14 Oct 1999 14:52:59 -0700
You can run the server as root or as some other user. In order to use PAM (Pluggable Authentication Module) it has to run as root.
A general comment about PAM rather than this specific problem.
It is NOT a requirement of the PAM framework that application be running as
root. There are two cases though that make login type applications need to
run as root.
1) The password is stored in /etc/shadow which only root can read
If the password was in NIS/NIS+/LDAP then the authentication
could succeed are an ordinary user.
2) the login application needs to make setuid/setgid calls this
usually happens in the application after PAM authentication has
been completed and is thus nothing to do with PAM.
If the OS has privileges/capabilities then the application would
assert PROC_SETID/CAP_SETID instead of being root to make the
setuid/setgid calls.
--
Darren J Moffat
This posting is my own opinion and does not constitute official
support from Sun Microsystems Inc.
Current thread:
- PAM applications running as root (Was Re: WebTrends Enterprise Reporting Server) Darren Moffat (Oct 14)
- Re: PAM applications running as root (Was Re: WebTrends Enterprise Alan Cox (Oct 15)
- OpenLink 3.2 Advisory Tymm Twillman (Oct 15)
- execve bug linux-2.2.12 ben () VALINUX COM (Oct 15)
- Netscape 4.x buffer overflow Michael Breuer (Oct 15)
- Netscape 4.x buffer overflow Max Vision (Oct 18)
- Re: execve bug linux-2.2.12 Perly (Oct 15)
- Re: execve bug linux-2.2.12 visi0n (Oct 15)
- Re: execve bug linux-2.2.12 Alan Cox (Oct 16)
- Re: execve bug linux-2.2.12 ben () VALINUX COM (Oct 16)
- Re: execve bug linux-2.2.12 Matt Chapman (Oct 18)
- Netscape 4.x buffer overflow Michael Breuer (Oct 15)
(Thread continues...)