From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: user showing up as unset
Date: Fri, 13 May 2011 08:21:33 -0400
Message-ID: <201105130821.34218.sgrubb@redhat.com>
References: <4D8348804BD0AE4EB58593EA9539CFF5A192F6@es-22b.manassas.progeny.net>
	<201105121430.41800.sgrubb@redhat.com>
	<4D8348804BD0AE4EB58593EA9539CFF5A19352@es-22b.manassas.progeny.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <4D8348804BD0AE4EB58593EA9539CFF5A19352@es-22b.manassas.progeny.net>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: "Harris, Todd" <brian.harris@progeny.net>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Thursday, May 12, 2011 03:07:17 PM Harris, Todd wrote:
> Last question on this topic I promise.
>    The program is one that I have very limited control over, and it's
> started by the inittab.  It is starting an xterm with "xterm -c su -
> username".  Other than adding the loginuid to the su pam stack is there
> any simple way to get the loginuid set to username?  

You should have the source code to xterm. You can change it. Its only 3 lines of code 
assuming you already did the username lookup. fopen, fwrite, fclose. Aside from that, 
you could add pam_loginuid to su's pam settings. But then you have an admin problem if 
they ever use it. So, you might want to forbid admins from using it in the pam 
settings also. Procedurally, they could use sudo.

-Steve