> I was actually under the impression that PAM is a query-service run as
> root: how else can a user be capable of obtaining root privileges by
> using su? Apparently it works differently.
>
> Anyway, is there any way to make a construction to authenticate against
> a module with root-only readable configuration file as a normal user?
> (different than inetd/xdm, which does not have the features I need for
> this group of users).
>
>
> Sincerely,
> Sebastiaan

It doesn't su. The PAM implementation in TigerVNC currently only
authenticates you, but does not setuid to the authenticated user.

I have a patch that does the setuid if you want - but - it only works fine
if you use it from inetd. For standalone operation, you would need to make
the server run as root and fork away and setuid the children (basically
doing what inetd does).

Alternatively it could setuid the first time only, then use the password
only for verification once it's "setuid'd", but that doesn't sound very
clean to me from a design point of view.

Re-"setuid'ing" on demand of the same already running VNC server would end
up in trouble (e.g. you're looking at the desktop of user X while
authenticated as Y, who shouldn't have access to X).

--
Guillaume Destuynder - m-privacy GmbH -

Am Köllnischen Park 1, 10179 Berlin
Tel: +49 30 24342334
Fax: +49 30 24342336
Web: http://www.m-privacy.de, http://oss.m-privacy.de
Handelsregister:
 Amtsgericht Charlottenburg HRB 84946
Geschäftsführer:
 Dipl.-Kfm. Holger Maczkowsky,
 Roman Maczkowsky
GnuPG-Key-ID: 0x3FB1D217

_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
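
The fork-and-setuid design described in the reply above, as an added example (not TigerVNC code and not the patch mentioned in the message). `drop_to_user` and `run_session_as` are hypothetical names, and PAM is assumed to have already accepted `user` before `run_session_as` is called.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for initgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop from root to the account in pw. Returns 0 on success, -1 on failure. */
int drop_to_user(const struct passwd *pw)
{
    if (pw == NULL || pw->pw_name == NULL || pw->pw_uid == 0) {
        errno = EINVAL;            /* never "drop" to root */
        return -1;
    }
    if (geteuid() != 0) {
        errno = EPERM;             /* only root can switch identity */
        return -1;
    }
    /* Order matters: supplementary groups and gid first, uid last.
     * Once setuid() has succeeded the groups can no longer be changed. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Hypothetical per-connection handler: the root parent forks, the child
 * becomes `user` and runs the session. The parent keeps its own identity,
 * so one user's session never changes owner for a later connection. */
int run_session_as(const char *user, void (*session)(void))
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_to_user(getpwnam(user)) != 0) _exit(111);  /* fail closed */
        session();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```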