Scroll to navigation

PAM_TMPDIR(8) System Manager's Manual PAM_TMPDIR(8)

NAME

pam_tmpdir - PAM module for creating a secure directory for users' temporary files

SYNOPSIS

pam_tmpdir.so

DESCRIPTION

This module can be plugged into the session stack of a given service to provide secure, per-user directories for temporary files.

OPTIONS

The directory in which the users' temporary directories are created can be set using an entry in /etc/security/tmpdir.conf:

tmpdir=/path/to/tmpdir

The default is /tmp/user.

MODULE TYPES PROVIDED

Although this is intended to be used with the session module type, it also provides account, auth, and password module types.

RETURN VALUES

The temporary directory was successfully created.
An error occurred when attempting to create the temporary directory.
An internal error occurred.

EXAMPLES

To allow users to login even if pam_tmpdir fails to create a safe tmpdir:

session    optional     pam_tmpdir.so
    

To deny login if an error occurs while setting up the safe tmpdir:

session    required     pam_tmpdir.so
    

NOTE: This could allow for a DoS attack if a malicious user creates /tmp/user before pam_tmpdir does.

SEE ALSO

pam-tmpdir-helper(8)

AUTHOR

Tollef Fog Heen <tfheen@err.no>

COPYRIGHT

Copyright © 2002-2012 Tollef Fog Heen <tfheen@err.no>.

This is free software; see the source for copying conditions.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.