SELinux help

Daniel J Walsh dwalsh at redhat.com
Tue Sep 7 15:04:32 UTC 2010


On 09/05/2010 07:22 PM, Chris Smart wrote:
> On Fri, Sep 3, 2010 at 11:15 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> I am not sure what system-config-authorization is doing: is it setting
>> up pam_oddjob_mkhomedir or pam_mkhomedir?  It would be better if it used
>> pam_oddjob_mkhomedir.
> 
> It appears to be setting up pam_mkhomedir..
> 
> -c
I think there is an open bug report about changing this to use
pam_oddjob_mkhomedir.

The problem with pam_mkhomedir is that it runs under the context of the
login programs, which requires us to give all login programs the ability
to manage all content within the users homedir.  We are trying to
confine apps like sshd/xdm/rlogind from this access, to prevent flaws
that could reveal data in the homedir without having a login password.
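An added example, not part of the original message: a small audit that parses pam.d-style session stacks and reports which services create home directories with pam_mkhomedir (in the login program's own context, as described above) and which hand the job to pam_oddjob_mkhomedir. The file contents, the `parse_pam` and `audit` names, and the verdict labels are constructed for illustration.

```python
import os
import re

# Constructed sample: contents of two /etc/pam.d files (not taken from the thread).
SAMPLE = {
    "sshd": """\
#%PAM-1.0
auth       include      system-auth
session    optional     pam_mkhomedir.so skel=/etc/skel \\
                        umask=0077
""",
    "gdm": """\
session    [success=1 default=ignore] pam_succeed_if.so service in crond quiet
-session   optional     pam_oddjob_mkhomedir.so umask=0077
# session  optional     pam_mkhomedir.so
""",
}

# pam.d rule: [-]type  control-or-[bracketed control]  module  [args...]
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
# Labels are this example's own: where the home directory gets created.
VERDICT = {
    "pam_mkhomedir.so": "in-process",        # runs as the login program
    "pam_oddjob_mkhomedir.so": "delegated",  # handed to the oddjobd service
}

def parse_pam(text):
    """Yield (type, control, module, args) for each module rule in a pam.d file."""
    text = text.replace("\\\n", " ")           # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        m = RULE.match(line)
        if not m or m.group(2) in ("include", "substack"):
            continue                           # not a module rule
        ptype, control, module, args = m.groups()
        yield ptype, control, os.path.basename(module), args.split()

def audit(files):
    """Return (service, module, verdict) for every homedir-creating session rule."""
    findings = []
    for service in sorted(files):
        for ptype, _control, module, _args in parse_pam(files[service]):
            if ptype == "session" and module in VERDICT:
                findings.append((service, module, VERDICT[module]))
    return findings

if __name__ == "__main__":
    for service, module, verdict in audit(SAMPLE):
        print(f"{service}: {module} ({verdict})")
```

Services reported as "in-process" are the ones whose login program would need the ability to manage content in users' home directories.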

