confusing pam/SElinux issue FC4
P. Thompson
ptfedora2 at majordomo.thedacare.org
Mon Sep 19 21:07:26 UTC 2005
I wrote a web page with a back end script to allow my wife to "turn off
the internet" when she gets mad at our daughter.

It basically uses sudo to allow the apache user to turn off or on IP
forwarding, which disables internet for our XP machine living behind the
FC4 firewall.

This all worked fine on FC3 after I got the SELinux rules worked out to
allow everything to happen. It works not at all under FC4.

The sudo that the apache user does to turn off forwarding appears to
function, but PAM then errors and fails.

This is what PAM spits into the /var/log/secure file:

Sep 17 22:16:22 monotheletisia sudo: apache : pam_authenticate: System
error ; TTY=unknown ; PWD=/var/www/internet/scripts ; USER=root ;
COMMAND=/var/www/html/internet/scripts/nointernet 0

Nothing appears in the /var/log/audit/audit.log when this PAM error
happens, so I am assuming that SELinux is OK??

Google is not forthcoming on the issue of "pam_authenticate System error".
The best I can find is that it means "The pam_handle_t passed as a first
argument to this function was invalid."

However, I am not making the system call, sudo is. So is this a bug,
misconfiguration, my dumb error or other in sudo or in PAM?

The /var/www/html/internet/scripts/nointernet referenced above is a simple
script:

#!/bin/bash
# Write the requested state (0 = off, 1 = on) to the IPv4 forwarding switch.
echo "$1" > /proc/sys/net/ipv4/ip_forward
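
Added example, not part of the original post and not the poster's script: because the helper runs as root on behalf of the apache user, a stricter version would accept only 0 or 1 and confirm the write. The function name set_forwarding and its optional second parameter (a scratch file used for testing) are assumptions of this sketch; it hardens the helper and does not address the PAM error.

```shell
#!/bin/bash
# Added example: stricter variant of the nointernet helper described above.
# set_forwarding STATE [TARGET]
#   STATE  must be exactly 0 or 1.
#   TARGET is a hypothetical test hook; it defaults to the live kernel switch
#          and is never taken from the command line (see entry point below).

set_forwarding() {
    if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then
        echo "usage: set_forwarding 0|1 [target-file]" >&2
        return 64
    fi
    state="$1"
    target="${2:-/proc/sys/net/ipv4/ip_forward}"

    # Reject everything except the two literal values, including empty
    # strings, whitespace and anything with extra characters.
    case "$state" in
        0|1) ;;
        *)
            echo "nointernet: refusing unexpected value" >&2
            return 65
            ;;
    esac

    # printf does no option or escape processing on the value.
    printf '%s\n' "$state" > "$target" || return 74

    # Read the value back so a silently failed write is reported.
    read -r current < "$target" || return 74
    [ "$current" = "$state" ]
}

# Entry point: exactly one argument is forwarded, so a caller going through
# sudo cannot choose the file that gets written. With no arguments the file
# only defines the function, which lets it be sourced for testing.
if [ "$#" -eq 1 ]; then
    set_forwarding "$1"
elif [ "$#" -gt 1 ]; then
    echo "usage: nointernet 0|1" >&2
    exit 64
fi
```
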