Gentoo Forums
PBM: $TMP directory inaccessible with LXDM and PAM/mktemp
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5082
Location: Dark side of the mood

Posted: Sat Apr 07, 2012 7:24 pm    Post subject: PBM: $TMP directory inaccessible with LXDM and PAM/mktemp

Hi all.

Today I wanted to provide secure TMP directories to my user accounts, hence I enabled the PAM "mktemp" USE flag. To my surprise $TMP contains /tmp/.private/nobody regardless of who opens an LXDE session 8O .
Code:
media@scotty ~ $ echo $TMP
/tmp/.private/nobody

Listing $TMP yields a "permission denied" of course. I think that's also the reason why pcmanfm doesn't start anymore.

This issue occurs only when I log on from LXDM; everything's fine when I log on a tty. Does anyone have an idea what I should do to fix this?

Thanks in advance for any hint or suggestion.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!
VinzC

Posted: Mon Apr 30, 2012 8:14 am

Looks like there's a currently in-process bug about this.
kimmie
Guru
Joined: 08 Sep 2004
Posts: 531
Location: Australia

Posted: Sat May 12, 2012 4:30 pm

FYI, pam with USE=mktemp doesn't play well with samba either: https://bugzilla.samba.org/show_bug.cgi?id=5987
VinzC

Posted: Sat May 12, 2012 5:56 pm

Yeah, sounds so. I just wonder why this "nobody" thing and what «[...] when the user is switched during authentication» is supposed to mean.
kimmie

Posted: Sun May 13, 2012 10:53 pm

The smbd daemon runs as root. When a connection occurs it creates a private tmp directory with uid of nobody, and spawns a process to handle the session which uses that temporary directory as its current directory. The session process then switches to the uid of the connected user, after which it can no longer access its own current directory. Kaboom!
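
The mismatch described in the post above (a private temp directory owned by one uid, used by a process running as another) can be checked from a directory's owner and mode bits. This is an added example, not part of the original thread and not pam_mktemp, LXDM or samba code; the function names are hypothetical, and the sample values (mode 0700, uid/gid 65534 for nobody, session uid 1000) are constructed assumptions.

```python
import os
import stat


def dir_usable_by(st, uid, gids):
    """True if a non-root uid with these group ids gets rwx on the directory.

    Classic Unix rule: exactly one permission class applies (owner, else
    group, else other). ACLs and capabilities are not considered.
    """
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & 0o7) == 0o7


def classify(st, uid, gids):
    """Map a stat result to a short verdict for the given identity."""
    if not stat.S_ISDIR(st.st_mode):
        return "not-a-directory"
    if dir_usable_by(st, uid, gids):
        return "ok"
    return "wrong-owner" if st.st_uid != uid else "bad-mode"


def diagnose_tmp(path, uid, gids):
    """Stat path and classify it; report paths that cannot be examined."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "unreachable"  # a parent directory denies search permission
    return classify(st, uid, gids)


# Constructed sample (assumed values): a 0700 directory owned by nobody (65534).
SAMPLE_NOBODY_DIR = os.stat_result(
    (stat.S_IFDIR | 0o700, 0, 0, 2, 65534, 65534, 0, 0, 0, 0))

if __name__ == "__main__":
    me, groups = os.geteuid(), set(os.getgroups()) | {os.getegid()}
    for var in ("TMP", "TMPDIR"):
        if os.environ.get(var):
            print(var, os.environ[var], diagnose_tmp(os.environ[var], me, groups))
    print("sample as uid 1000:", classify(SAMPLE_NOBODY_DIR, 1000, {1000}))
```

Run inside the affected session, a `wrong-owner` or `unreachable` verdict for `$TMP` shows that the variable was set for a different identity than the one the session ended up with.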
VinzC

Posted: Mon May 14, 2012 7:50 am

Hmmm... it then means LXDM runs that way too or uses such a mechanism, right? Anyway this user switching that is said PAM doesn't like rather means pam_mktemp doesn't like it if I've gotten it right. Also it looks questionable to me as to switching to user nobody beforehand because it might happen that concurrent authentications do clash; I might be wrong of course since I'm no PAM specialist.
kimmie

Posted: Mon May 14, 2012 8:39 am

I'm not sure what happens where, but yeah, it looks like both LXDM and samba have similar issues with pam_mktemp.