In some internet article I’ve read that I need to replace symlinks as well, but that broke system updates.
I am developing a custom system daemon (something similar to UAC) and need to mount my FUSE FS on login. I created my custom PAM module and it works, but the config is removed after an update. I need a way to integrate my tool with PAM/the system. Forcing the user to edit PAM by himself is not a good idea. Replacing symlinks under /etc/pam.d is not either, because it broke system updates. What should I do? I added my lines to a config file that PAM uses to generate the files under /etc/pam.d, but after calling pam_config --update, it complains that securehome.so is not known to PAM.
Since then, Tumbleweed has moved to package configuration files being stored in /usr/etc, with user modifications only being in /etc (existence of a config in /etc should override the default system-managed config in /usr/etc).
So you should be in good shape - but for critical configuration settings, it is always a good idea to back things up, just in case.
The problem is that I need to know the user's password, and I can obtain it only at login. Also, no programs can operate on the user's home before the user logs in (of course, there are exceptions, such as root doing some operations), so I need to mount it at login. Also, my solution allows mounting the whole home, so systemd cannot read the user's config before I mount the FS.
I think I could use PAM_EXEC with the EXPOSE_AUTHTOK parameter. I must rewrite my mount program to check whether it works with this tool. I think I could manage it with PAM_CONFIG. It is a waste of time, but PAM_CONFIG does not allow adding custom rules/modules, as far as I know.
Thanks! I will rewrite some parts to use pam_mount. I cannot find information on how pam_mount passes the user's password to the mount program, especially to a FUSE FS.
I see that no pam-mount.conf.xml file exists on my system. I wonder where to get a template from and how to install it. Also, how to add a line. I think everything should be done from the rpm package, during the installation process.
What I decided: I decided to add a user configuration path to pam-mount.conf.xml. This path will be read-only for the user and read-write for my config tools. When the user clicks save, we will securehome configuration and translate it into the pam-mount local configuration (XML). We also would not require the user's password if we were invoked by root.
I have no experience with pam-mount, so I cannot help you with that. I think the linked archlinux page and the files you can find under /usr/share/doc/packages/pam_mount should provide enough information to get this working.
OK. I am installing pam_mount now, sorry for the trouble.
I am 70% done, but pam_mount complains that the user’s config file is not owned by the user. Is there any way to force pam_mount to proceed further?
When I change the file ownership, pam_mount complains that the FS directories (volumes) are not owned by the user.
I need to make the mountpoint/storage dir not owned by the user, and everything worked until I decided to use pam_mount. This is for security reasons, because the user could try to unmount my filesystem, and in the next step some bad actor could mount their own directory in its place.
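An added example, not part of the thread and not code from pam_mount or the poster's tool: a pre-mount check a mount helper could run to confirm the mountpoint has the properties the last post relies on (owned by a trusted account rather than the login user, not a symlink, not replaceable through its parent directory). The function name and the sample path are hypothetical.

```python
import os
import stat

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def check_mountpoint(path, trusted_uid=0):
    """Return a list of problems; an empty list means the mountpoint is acceptable."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path} is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} is not a directory"]

    problems = []
    if st.st_uid != trusted_uid:
        problems.append(f"{path} is owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & WRITABLE_BY_OTHERS:
        problems.append(f"{path} is writable by group or others")

    # Whoever can write to the parent can rename the mountpoint away and
    # put another directory in its place, so the parent is checked as well.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_uid != trusted_uid:
        problems.append(f"parent {parent} is owned by uid {pst.st_uid}, expected {trusted_uid}")
    # A sticky parent (like /tmp) only lets an entry's owner or the directory owner rename it.
    if pst.st_mode & WRITABLE_BY_OTHERS and not pst.st_mode & stat.S_ISVTX:
        problems.append(f"parent {parent} is writable by group or others")
    return problems


if __name__ == "__main__":
    # Constructed sample path; replace with the real mountpoint.
    for problem in check_mountpoint("/home/alice"):
        print("refusing to mount:", problem)
```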