I am facing a problem using pam_exec.so library.I have created script for session.

Pooja2505 · 02-08-2014, 04:58 AM

I am facing a problem using pam_exec.so library.I have created script my.sh in /usr/local/bin/my.sh.

The script contains

---------------------------
#!/bin/sh

echo "hello"
exit 0
-------------------------
Permission 777 is given to script.
and i have added the following in /etc/pam.d/system-auth

session required /usr/local/bin/my.sh log=/etc/logfile

but when i login into the system the script does not execute.
Please help me to solve the problem.

unSpawn · 02-08-2014, 07:16 AM

Quote:

Originally Posted by Pooja2505

Permission 777 is given to script.

That's nice but it's wrong. Owner should be root and access rights should be 0755 at most. Change it before doing anything else.

Quote:

Originally Posted by Pooja2505

i have added the following in /etc/pam.d/system-auth
session required /usr/local/bin/my.sh log=/etc/logfile

That is not how 'man pam_exec' suggests the entry should be. It could look something like

Code:

open_session optional pam_exec.so seteuid /path/to/script

Also since you're debugging make it read

Code:

open_session optional pam_exec.so debug seteuid /path/to/script

Also do not test and debug as root but only as unprivileged user and don't use system-auth for testing as you won't be able to login if you fsck things up proper.