Bug 242578 - pam_namespace uses wrong users namespace
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam
Hardware: All Linux
Priority: low, Severity: high
Assigned To: Tomas Mraz
Reported: 2007-06-04 17:35 EDT by Ted X Toth
Modified: 2008-04-04 10:16 EDT
Doc Type: Bug Fix
Last Closed: 2008-04-04 10:16:31 EDT

Attachments
patch (13.61 KB, patch)
2007-06-04 17:35 EDT, Ted X Toth
patch (719 bytes, patch)
2007-06-04 17:49 EDT, Ted X Toth

Description Ted X Toth 2007-06-04 17:35:59 EDT
Description of problem:
The current implementation neglects to recognize that the PAM requesting user
(PAM_RUSER) and the authenticating user (PAM_USER) can have different namespaces
by virtue of the use of $HOME or $USER in the namespace.conf file. This
oversight can, among other things, cause pam_namespace to attempt to unmount
directories that don't exist and weren't intended to be polyinstantiated. When
the unmount fails, so does authentication.

Version-Release number of selected component (if applicable):

How reproducible:
Configure a user's directories to be polyinstantiated using $HOME, something like
$HOME/foo, but override for user root. You will need the patch submitted for bug
237163 for this to work. Don't forget to create the instance directory in the
test user's home directory ($HOME/foo.inst). Configure login and su to use
pam_namespace. Also use the debug option. For su, use the unmnt_remnt option as
per the man page. Log in as a user and then try to su to root. In
/var/log/secure you should see a message to the effect that umount failed
because /root/foo doesn't exist, and the su will fail.

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
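
Added illustration, not part of the bug report or of Linux-PAM: a simplified Python model of the mismatch described above, where a `$HOME`-based entry expands to different paths for PAM_RUSER and PAM_USER. The account names, the sample namespace.conf entry and the `per_user=True` behaviour are assumptions made for the example; the attached patch is not shown on this page.

```python
# Simplified model of the behaviour in this report; not Linux-PAM source code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    name: str
    home: str

# Constructed accounts and namespace.conf entry (fields: polydir, instance
# prefix, method, override list). root is listed as an override, so nothing
# is polyinstantiated for root's own sessions.
ALICE = Account("alice", "/home/alice")
ROOT = Account("root", "/root")
CONF_LINE = "$HOME/foo $HOME/foo.inst/ user root"

def expand(template, acct):
    """Substitute $HOME and $USER for one specific account."""
    return template.replace("$HOME", acct.home).replace("$USER", acct.name)

def polydirs_for(conf_line, acct):
    """Directories polyinstantiated in a session that belongs to acct."""
    polydir, _prefix, _method, *rest = conf_line.split()
    overrides = rest[0].split(",") if rest else []
    return [] if acct.name in overrides else [expand(polydir, acct)]

def unmount_targets(conf_line, ruser, user, per_user):
    """Paths an unmnt_remnt step would try to unmount when ruser runs su to user.

    per_user=False: reported behaviour, the entry is expanded once with the
    authenticating user's values and the requesting user is never consulted.
    per_user=True: assumed corrected behaviour, undo the requesting user's mounts.
    """
    if per_user:
        return polydirs_for(conf_line, ruser)
    return [expand(conf_line.split()[0], user)]

if __name__ == "__main__":
    print("reported:", unmount_targets(CONF_LINE, ALICE, ROOT, per_user=False))
    print("expected:", unmount_targets(CONF_LINE, ALICE, ROOT, per_user=True))
```

In the reported case the only unmount target is `/root/foo`, a path that was never mounted and is excluded by the override list, which is why the failed umount takes the whole `su` down with it.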
Comment 1 Ted X Toth 2007-06-04 17:35:59 EDT
Created attachment 156136
Comment 2 Ted X Toth 2007-06-04 17:49:57 EDT
Created attachment 156137

Sorry the previous patch was bad.
Comment 3 Tomas Mraz 2008-04-04 10:16:31 EDT
This bug is fixed in Linux-PAM-1.0 which will be included in the next release of
Red Hat Enterprise Linux.
