I wrote a daemon that is started from an init-script as root, and then uses setuid and setgid to drop to a less-privileged system user and group.
A user discovered that the program breaks when he uses the libpam-tmpdir module, because TMPDIR doesn't get changed to the /tmp/user/NNN directory, so the daemon tries, unsuccessfully, to create files in /tmp. What is the correct way to handle this? I'm not very familiar with PAM, but I presume there might be other PAM modules out there that would cause similar breakage; I don't want my program to have to know about them all. I can't use an su wrapper, because the daemon needs to do some privileged things initially. Is there a high level function to "change userid, groupid and do the related PAM things" that I can use, or example code I can use? Thanks for any pointers. -- Eric Cooper e c c @ c m u . e d u -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
