arizonagroovejet 08-22-2011 06:23 AM

pam_exec run script as user that's logging in
I've got pam_exec calling a script from the session part of the pam stack. The script runs as root. Does anyone know how to make the script run as the user that's logging in?

I can make a script that runs as root run a script as $PAM_USER using su:

su - "${PAM_USER}" -c /path/to/a/script
but that seems inelegant.

What I'm specifically trying to achieve at the moment is to access the DESKTOP_SESSION environment variable of the user that's logging in so I can see what desktop environment they're using.

Edit @ Mon Aug 22 14:10:30 BST 2011
Accessing DESKTOP_SESSION via su isn't possible because it's not set in the session that's created by su! Doh. Original question on how to run the script as the user that's logging in stands...

chrism01 08-22-2011 08:39 PM

I don't think that's set until after login, i.e. after PAM.
How about checking during /etc/profile?

arizonagroovejet 08-23-2011 02:59 AM


Originally Posted by chrism01 (Post 4450678)
How about checking during /etc/profile ?

Yeah that's doable. Forget finding DESKTOP_SESSION though, I can get to that via means other than a pam_session script.

I still want to know if it's possible to make pam_exec run the script with the permissions of the user that's logging in. pam_script appears to be able to do it but I'd rather use pam_exec since it's supplied as part of pam.
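
The root-to-user su wrapper described in the first post, written out as an added example (not code from any poster in this thread) with the checks a root-run session hook needs before it hands off to su. The install path, the RUNNER and USER_SCRIPT variables and the su service names "su" and "su-l" are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Called from a PAM session line such as:
#   session optional pam_exec.so /usr/local/sbin/pam-as-user.sh  (hypothetical path)
# pam_exec exports PAM_USER, PAM_TYPE and PAM_SERVICE to the command it runs.

USER_SCRIPT="${USER_SCRIPT:-/path/to/a/script}"  # placeholder path from the post
RUNNER="${RUNNER:-su}"                           # overridable so it can be tested

# Accept only conservative account names: nothing empty, nothing starting
# with '-' (su would parse it as an option), no whitespace or metacharacters.
valid_pam_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Returns 0 when the user script ran or there was nothing to do,
# 2 when PAM_USER is rejected, otherwise the runner's exit status.
run_as_login_user() {
    # pam_exec runs session commands for close_session as well.
    [ "${PAM_TYPE:-}" = "open_session" ] || return 0
    # su opens a PAM session of its own; if its stack includes this same
    # pam_exec line the script would call itself again, so stop here.
    # Assumption: su's PAM service names are "su" and "su-l".
    case "${PAM_SERVICE:-}" in
        su|su-l) return 0 ;;
    esac
    valid_pam_user "${PAM_USER:-}" || return 2
    # Never run the per-user script with root's identity.
    if [ "$PAM_USER" = "root" ]; then return 0; fi
    # Quoted so the name stays a single argument; "-" requests a login
    # shell, as in the command from the post.
    "$RUNNER" - "$PAM_USER" -c "$USER_SCRIPT"
}

# With no PAM_TYPE in the environment (run by hand) this does nothing.
run_as_login_user
```

The script's exit status is what pam_exec sees, so whether a rejected name blocks the login depends on the control flag (optional or required) on the pam_exec line.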

