* "Donaldson, Matthew"
| If it were just replacing login, I would agree with you. But not everything
| coming into a Unix system comes via login. There are a number of daemons,
| X-window systems and so forth that do their own thing. On top of the
| existing ones, someone might decide to compile some ssh version or some other
| daemon, and put that up. Anything that creates a process on a Unix system
| and runs things is a potential entry point. It need not even be related
| to logging in. Cron, for example, runs processes as different users, but
| doesn't run login.
PAM handles this quite nicely.
I've hacked together a PAM module which sets TMPDIR (and TMP) to
/tmp/user/uid, which I could probably make available (mail me if you
are interested). Fixing programs to use TMP and TMPDIR is the correct
solution.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
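
An added example, not Tollef's module or any code from this thread: the directory-preparation step a PAM session module of this kind needs before it can point TMPDIR and TMP at /tmp/user/uid, written in plain C without libpam. The function names and the `base` parameter are assumptions made for illustration, and the base directory is assumed to be root-owned and not writable by ordinary users.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the post): create <base>/<uid> as a private
 * directory and verify it. Assumes <base> (e.g. /tmp/user) is root-owned and
 * not writable by ordinary users. Returns 0 and fills `out`, or -1. */
int prepare_user_tmpdir(const char *base, uid_t uid, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/%lu", base, (unsigned long)uid);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                          /* path would be truncated */

    if (mkdir(out, 0700) == 0) {
        /* Created by a privileged caller: hand it to the user.
         * lchown never follows a symlink. */
        if (geteuid() != uid && lchown(out, uid, (gid_t)-1) != 0)
            return -1;
    } else if (errno != EEXIST) {
        return -1;
    }

    /* lstat, not stat: a symlink or file planted at this path is rejected. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != uid)                   /* someone else's directory */
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))   /* accessible to group or others */
        return -1;
    return 0;
}

/* Export both variables named in the post. A PAM module would pass these to
 * pam_putenv(); setenv() stands in so the block needs no libpam. */
int export_tmpdir(const char *path)
{
    if (setenv("TMPDIR", path, 1) != 0)
        return -1;
    return setenv("TMP", path, 1);
}
```

The checks after `mkdir` matter because an existing entry at that path may have been placed there by someone other than the user it is named for.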