git.ipfire.org Git - thirdparty/shadow.git/commit

author	Tobias Stoeckmann <tobias@stoeckmann.org>
	Tue, 14 Jan 2025 16:42:21 +0000 (17:42 +0100)
committer	Serge Hallyn <serge@hallyn.com>
	Thu, 16 Jan 2025 03:36:13 +0000 (21:36 -0600)
commit	d012c2ba684651a217ef9491a999b6a735b57526
tree	2f984a6c6925fe49e171986995a541b10330fb0f	tree
parent	950cd40607004a9257808184008e54ec07f205f8	commit \| diff

chage: Drop PAM support

The PAM support was only enabled with configure option
--enable-account-tools-setuid. The other account tools would use PAM
then to verify that the user is granted elevated permissions for
actions which normally only root can do.

In chage, however, any non-root user who does not specify the -l
command line option is denied access in check_perms. The check for
being root or not is done with getuid, so non-root users cannot
change user account's aging information in any possible way since
more than 18 years by now.

It's safe to say that nobody misses this non-existing feature. Biggest
benefit is to get chage out of the ACCT_TOOLS_SETUID group of tools.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

etc/pam.d/Makefile.am		diff \| blob \| blame \| history
etc/pam.d/chage	[deleted file]	blob \| blame \| history
man/chage.1.xml		diff \| blob \| blame \| history
src/Makefile.am		diff \| blob \| blame \| history
src/chage.c		diff \| blob \| blame \| history