Categories
Internet, Unix en security

A /tmp for every user

With the transition towards /run some temporary files will move towards /run/user/, but enough files remain in /tmp. Files that may leak information or be a point of code injection as shown with CVE-2012-3355. A first step is to create a temporary directory for every user when he or she logs in to restrict the […]

Categories
System Administration

Create home directory on first login

Creating home directories for new users can be a difficult task and especially in an LDAP-based environment, but most PAM installations have the option to create a new home directory before the user login is completed. Debian also ships the module mpam_mkhomedir, but without a manifest to set it up correctly. Bug 640918 covers this […]

Categories
Internet, Unix en security

Using PAM to allow access

Over the years PAM (Pluggable Authentication Modules) has become the standard on Solaris and Linux, and others like AIX and the known BSD’s are following. But by default, all services that use PAM are allowing all users to use it unless the service itself takes action. So why not bring the authorization part to PAM […]

Categories
Internet, Unix en security

PAM bug hit Debian and others

It has been years since PAM was hit by a serious bug in PAM, but people who upgrade to libpam-systemd version 44-1 can find that sudo stops working. Reading the bugreport on Debian and FreeDesktop.org it doesn’t look promising as it also effects other distributions. For now it may be wise put systemd on hold […]