/pam_mktemp

Provide per-user private directories under /tmp as part of PAM session or account management

Primary LanguageCOtherNOASSERTION

pam_mktemp is a PAM module that may be used with a PAM-aware login
service to provide per-user private directories under /tmp as part
of PAM session or account management.

When an interactive (shell) session is started, a directory is created
and the environment variables TMPDIR and TMP are set to the name of
the directory.

According to some "out of the box" SELinux policies, /tmp/.private and
/tmp/.private/USER directories created by this module running from
processes like login and sshd would inherit a login process context
instead of /tmp directory or user context.  As a result, user processes
would have problems creating files in such "login-owned" directories.
When the module is built with SELinux support ("make USE_SELINUX=1"), it
creates directories in the proper context.

Please note that there's a security risk of using pam_mktemp along with
tmpwatch(8) and maybe with some other "/tmp cleaners", but stmpclean(8)
is known to be safe.  If you must use a "/tmp cleaner" that exposes the
problem (although you'd better not), this risk may be avoided by
enabling pam_mktemp's USE_APPEND_FL compile-time setting
("make USE_APPEND_FL=1") _and_ keeping /tmp on an ext2, ext3, or ext4
filesystem.  Please refer to comments in pam_mktemp.c for more detail on
the issue.  Once again, it is better to switch to using a "/tmp cleaner"
that does not expose the problem.

$Owl: Owl/packages/pam_mktemp/pam_mktemp/README,v 1.2 2010/09/17 22:24:36 solar Exp $