1pmvarrun(8) pam_mount pmvarrun(8)
2
6 pmvarrun - updates /var/run/pam_mount/user
7
9 pmvarrun -u user [options]
10
12 A separate program is needed so that /var/run/pam_mount/user may be
13 created with a pam_mount-specific security context (otherwise SELinux
14 policy will conflict with gdm, which also creates file in /var/run).
15 pmvarrun is flexible and can run in a number of different security set‐
17 ups:
18 root-root
20 When pmvarrun is invoked as root, /var/run/pam_mount's permission set‐
21 tings can be as strict as needed; usually (0755,root,root) is a good
22 pick as it gives users the debug control over their refcount. Refcount
23 files are given their respective owners (chowned to the user who logs
24 in).
25 user-user
27 When invoked as the user who logs in, /var/run/pam_mount needs appro‐
28 priate permissions to create a file, which means the write bit must be
29 set. It is also highly suggested to set the sticky bit in this case, so
30 other users do not tamper with your refcount.
31 root-user
33 Some programs or login helpers incorrectly call the PAM stack in a way
34 that the login phase is done as root and the logout phase as a normal
35 user. Nevertheless, pmvarrun supports this, and the same permissions
36 as in root-root can be used. While the user may not be able to unlink
37 his file from /var/run/pam_mount, it will be truncated to indicate the
38 same state.
39
41 --help, -h
42 Display help.
43 --user user, -u user
45 User to handle, must be a valid username.
46 --operation number, -o number
48 Increase volume count by number.
49 -d Turn on debugging.
51
53 /var/run/pam_mount/user
54
56 This manpage was originally written by Bastian Kleineidam
57 <calvin@debian.org> for the Debian distribution of libpam-mount but may
58 be used by others.
59 See /usr/share/doc/packages/pam_mount/AUTHORS for the list of original
61 authors of pam_mount.
62pam_mount 2008-10-08 pmvarrun(8)