On Fri, May 17, 2013 at 04:44:24PM +0200, Laurent Bigonville wrote: > Now that the freeze is over, could please include my patch? > > ATM the audit package is loading a PAM snippets that add this > pam_loginuid module in common-session. This has an unfortunate side > effect of breaking sudo when using systemd (it should only be called > in initial login services). > > I'm planning to make an upload in unstable soon that drop this snippet. > It would be nice if both could be synchronized. > > Do not hesitate to contact me if you have any questions.
I'm concerned about some of the side-effects of moving common-session the way your patch does. For instance, one likely effect I see is that if you're using ecryptfs and you have a mailbox in your home directory (thus presumably updated by something inside your session) then pam_mail will no longer work properly. (Yes, in the standard configuration pam_mail will only be looking in /var/mail/, but it's easily conceivable that somebody might have added a dir= parameter locally.) The ordering here is pretty delicate, and I'd need a better reason for moving it than "other PAM services are doing this". Wouldn't it be safer to insert pam_loginuid above common-session, but otherwise leave it where it is? Thanks, -- Colin Watson [[email protected]] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
