PAM_TMPDIR(8) System Manager's Manual PAM_TMPDIR(8)

pam_tmpdir - PAM module for creating a secure directory for users' temporary files

pam_tmpdir.so

This module can be plugged into the session stack of a given service to provide secure, per-user directories for temporary files.

The directory in which the users' temporary directories are created can be set using an entry in /etc/security/tmpdir.conf:

tmpdir=/path/to/tmpdir

The default is /tmp/user.

Although this is intended to be used with the session module type, it also provides account, auth, and password module types.

The temporary directory was successfully created.
An error occurred when attempting to create the temporary directory.
An internal error occurred.

To allow users to log in even if pam_tmpdir fails to create a safe tmpdir:

session    optional     pam_tmpdir.so
    

To deny login if an error occurs while setting up the safe tmpdir:

session    required     pam_tmpdir.so
    

NOTE: This could allow a denial-of-service (DoS) attack if a malicious user creates /tmp/user before pam_tmpdir does.
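
The NOTE above concerns a base directory that another user created before pam_tmpdir could. The following Python check is an added example, not part of pam_tmpdir or of this manual page: it reads the tmpdir= entry (falling back to /tmp/user) and reports a base directory that is not a real directory, is not owned by root, or is group- or world-writable. Treating root ownership without group/world write permission as the expected state, and using the first tmpdir= line found, are assumptions of this example.

```python
import os
import stat

DEFAULT_BASE = "/tmp/user"  # default stated in the manual page


def configured_base(conf_path="/etc/security/tmpdir.conf"):
    """Return the first tmpdir= value in the config file, or the default."""
    try:
        with open(conf_path, encoding="utf-8") as fh:
            for line in fh:
                line = line.strip()
                if line.startswith("tmpdir="):
                    value = line[len("tmpdir="):].strip()
                    if value:
                        return value
    except OSError:
        pass  # missing or unreadable config: fall back to the default
    return DEFAULT_BASE


def audit_base(path, expected_uid=0):
    """Return a list of problems with the base directory (empty list = none found)."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a symlink target
    except FileNotFoundError:
        return []  # not created yet, so nobody has pre-created it
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory (symlink or other file type)")
    if st.st_uid != expected_uid:  # assumption: root (uid 0) should own the base
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    return problems


if __name__ == "__main__":
    base = configured_base()
    issues = audit_base(base)
    print(f"{base}: " + ("; ".join(issues) if issues else "ok"))
```

Run at boot or from a monitoring job, a non-empty result for the base directory explains pam_tmpdir session failures when the module is configured as required.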

pam-tmpdir-helper(8)

Tollef Fog Heen <tfheen@err.no>

Copyright © 2002-2012 Tollef Fog Heen <tfheen@err.no>.

This is free software; see the source for copying conditions.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.