
I'm setting up an LDAP server and libpam-ldap to run on the same host, communicating via a UNIX domain socket. I'd like to give this socket the minimum permissions necessary, so random local users can't try binding to LDAP and guessing other users' passwords. However, I can't figure out what user PAM is running as during authentication.

I've tried giving ownership of the socket and containing directory to every user on the system, to no avail. The only thing that seems to work is setting a+rwx on them, which I'd rather not do.

Wolfgang
  • You're forgetting about ownership and group, so depending on that you can fine tweak as `a+` is generally not a good idea. – alexus May 05 '15 at 14:57
  • @alexus: I'm not forgetting about ownership & group. If I set the directory to `drwxrwx---` I can't get it to work no matter what I set the user/group to. Setting `a+rwx` was to demonstrate that it's a permissions problem, rather than (for example) a typo in the pam-ldap config. – Wolfgang May 05 '15 at 15:16
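One way to find out which UID actually reaches the socket is to ask the kernel for the peer's credentials on each accepted connection (SO_PEERCRED). The script below is an added example, not the poster's setup: it assumes Linux, stands up a throwaway UNIX socket in a `drwxrwx---` directory and uses a thread in the same process as the stand-in client, so the reported uid is simply the script's own.

```python
import os
import socket
import struct
import tempfile
import threading

# Linux-only option; fall back to the kernel's value if this Python build lacks the name.
SO_PEERCRED = getattr(socket, "SO_PEERCRED", 17)

def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a UNIX socket.
    struct ucred on Linux is three native C ints: pid, uid, gid."""
    raw = conn.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def observe_one_client(sock_path):
    """Listen on sock_path, accept a single client and report who connected."""
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(sock_path)
    os.chmod(sock_path, 0o660)  # socket file mode; the directory mode is what gates connect()
    server.listen(1)

    def client():
        # Stand-in for the authenticating process; in the real setup this would be pam_ldap.
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
            c.connect(sock_path)
            c.recv(1)  # wait until the server has read our credentials

    t = threading.Thread(target=client)
    t.start()
    conn, _ = server.accept()
    try:
        creds = peer_credentials(conn)
        conn.sendall(b"x")
    finally:
        conn.close()
        t.join()
        server.close()
    return creds

def demo():
    """Constructed run: the client is this same process, so uid must equal os.getuid()."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o770)  # the drwxrwx--- directory layout from the question
        return observe_one_client(os.path.join(d, "ldapi"))

if __name__ == "__main__":
    pid, uid, gid = demo()
    print(f"peer pid={pid} uid={uid} gid={gid}")
```

Pointed at the real socket path instead of a temp directory, the same `peer_credentials` call on the server side logs the uid of whatever process pam_ldap is loaded into; because PAM modules run inside the caller (login, sshd, sudo, and so on) rather than as a fixed service account, expect that uid to differ per authenticating program.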

0 Answers