table of contents
PAM_TMPDIR(8) | System Manager's Manual | PAM_TMPDIR(8) |
NAME¶
pam_tmpdir - PAM module for creating a secure directory for users' temporary files
SYNOPSIS¶
pam_tmpdir.so
DESCRIPTION¶
This module can be plugged into the session stack of a given service to provide secure, per-user directories for temporary files.
OPTIONS¶
The directory in which the users' temporary directories are created can be set using an entry in /etc/security/tmpdir.conf:
tmpdir=/path/to/tmpdir
The default is /tmp/user.
MODULE TYPES PROVIDED¶
Although this is intended to be used with the session module type, it also provides account, auth, and password module types.
RETURN VALUES¶
- PAM_SUCCESS
- The temporary directory was successfully created.
- PAM_ABORT
- An error occurred when attempting to create the temporary directory.
- PAM_SERVICE_ERR
- An internal error occurred.
EXAMPLES¶
To allow users to login even if pam_tmpdir fails to create a safe tmpdir:
-
session optional pam_tmpdir.so
To deny login if an error occurs while setting up the safe tmpdir:
-
session required pam_tmpdir.so
NOTE: This could allow for a DoS attack if a malicious user creates /tmp/user before pam_tmpdir does.
SEE ALSO¶
AUTHOR¶
Tollef Fog Heen <tfheen@err.no>
COPYRIGHT¶
Copyright © 2002-2012 Tollef Fog Heen <tfheen@err.no>.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.