The change implemented in bug #64700 (start-stop-daemon doesn't use pam) prevent the usage of start-stop-daemon by non root users. Because the /etc/pam.d/start-stop-daemon file states that the only way to authenticate is by being root: auth sufficient pam_rootok.so I like managing some processes via start-stop-daemon from my user's crontab because this way I can use some of the nice features that start-stop-daemon provides; like change the niceness and store the pid file for sending signals to the process. So unless there is a possibility of a security issue, and I can't see how there could be one, I would like the /etc/pam.d/start-stop-daemon file to be patched in the following way: auth sufficient pam_rootok.so +auth sufficient pam_permit.so account required pam_permit.so PS: I am using sys-apps/baselayout-2.0.0_rc6-r1 Reproducible: Always Steps to Reproduce: Actual Results: $ /sbin/start-stop-daemon --start --exec /bin/echo * /sbin/start-stop-daemon: pam error: Permission denied * /sbin/start-stop-daemon: failed to start `/bin/echo' Expected Results: $ /sbin/start-stop-daemon --start --exec /bin/echo * /sbin/start-stop-daemon: /bin/echo died
I've made this change in OpenRC now. I can't see any fault in the logic, but will back out the change if then Gentoo PAM team says otherwise.
Fixed in OpenRC.
