pam_exec run script as user that's logging in

arizonagroovejet · 08-22-2011, 06:23 AM

I've got pam_exec calling a script from the session part of the pam stack. The script runs as root. Does anyone know how to make the script run as the user that's logging in?

I can make a script that runs as root run a script as $PAM_USER using su

Code:

su - ${PAM_USER} -c /path/to/a/script

but that seems inelegant.

What I'm specifically trying to achieve at the moment is to access the DESKTOP_SESSION environment variable of the user that's logging in so I can see what desktop environment they're using.

Edit @ Mon Aug 22 14:10:30 BST 2011
Accessing DESKTOP_SESSION via su isn't possible because it's not set it's not set in the session that's created by su! Doh. Original question on how to run the script as the user that's logging in stands...

chrism01 · 08-22-2011, 08:39 PM

I don't think that's set until after login ie after PAM.
How about checking during /etc/profile ?

arizonagroovejet · 08-23-2011, 02:59 AM

Quote:

Originally Posted by chrism01

How about checking during /etc/profile ?

Yeah that's doable. Forget finding DESKTOP_SESSION though, I can get to that via means other than a pam_session script.

I still want to know if it's possible to make pam_exec run the script with the permissions of the user that's logging in. pam_script appears to be able to do it but I'd rather use pam_exec since it's supplied as part of pam.