On Tue 2018-10-30 11:03:02 -0700, Sunil Mohan Adapa wrote: > We have been setting the TMPDIR to > /var/lib/monkeysphere/authentication/tmp/ in FreedomBox for some time > now to work around the problem. So, I think, in general, this solution > is fine. However, perhaps we could conservatively use it only in the > very few situations that we actually need to share TMPDIR across two > process owned by different users.
Are you patching monkeysphere for this? or are you doing it outside of monkeysphere? on systems that i'm looking at, /varlib/monkeysphere/authentication/tmp is owned root:monkeysphere, with permissions 0750. so the monkeysphere user can read in it, but can't write. can you give an example of the specific error cases you're seeing with libpam-tmpdir? even better, perhaps this could be followup on https://bugs.debian.org/656750 :) Regards, --dkg
signature.asc
Description: PGP signature