From a085d46c567b0b5dbbaddd8f3e5873d87d904c4a Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 14 Aug 2019 09:31:58 +0000 Subject: [PATCH] change priories so "pam_umask.so usergroups umask=006" runs before pam_exec.so /usr/lib/security-misc/permission-lockdown --- usr/share/pam-configs/mkhomedir-security-misc | 2 +- usr/share/pam-configs/permission-lockdown-security-misc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/share/pam-configs/mkhomedir-security-misc b/usr/share/pam-configs/mkhomedir-security-misc index 1dfc0a2..7e87e21 100644 --- a/usr/share/pam-configs/mkhomedir-security-misc +++ b/usr/share/pam-configs/mkhomedir-security-misc @@ -1,6 +1,6 @@ Name: Create home directory on login (by package security-misc) Default: yes -Priority: 0 +Priority: 100 Session-Type: Additional Session-Interactive-Only: yes Session: diff --git a/usr/share/pam-configs/permission-lockdown-security-misc b/usr/share/pam-configs/permission-lockdown-security-misc index ac974e8..d5ba42c 100644 --- a/usr/share/pam-configs/permission-lockdown-security-misc +++ b/usr/share/pam-configs/permission-lockdown-security-misc @@ -1,6 +1,6 @@ Name: prevent others from reading one's home folder (by package security-misc) Default: yes -Priority: 500 +Priority: 50 Session-Type: Additional Session: optional pam_exec.so debug seteuid log=/var/log/permission-lockdown-security-misc /usr/lib/security-misc/permission-lockdown