#19 Allow symlinks in $SSH_AUTH_SOCK

[Igor Urazov]

Is it possible to allow module to accept a symlink in $SSH_AUTH_SOCK? Here is small background. I'm an active tmux user and I need to keep $SSH_AUTH_SOCK valid across attachments to tmux session on remote server as it used later by root via ansible. There is small hack which allows to archive this, it creates symlink with predefined name to current $SSH_AUTH_SOCK and exports new SSH_AUTH_SOCK=/path/to/symlink. Here is a good article about this topic: http://qq.is/article/ssh-keys-through-screen

But when I tried this, it appears that ssh and its tools accept symlinks, while pam_ssh_agent_auth throws error: ssh-agent socket has incorrect permissions for owner. The linked socket has correct permissions (double checked), while symlink doesn't strictly apply to permission paradigm in Linux.

[jbeverly]

Simple fix; will include in next release

[jbeverly]

Hrmm... I'm actually unable to reproduce this. What platform are you on and can you provide any more details to help me track it down?

On centos6 it behaves as I'm expecting (and the relevant bit of code is already using stat, not lstat as I had suspected having done, so it should be working):

[jamie_beverly@vzhost jamie]$ sudo -u nobody ln -fs /tmp/ssh-fSqEcf2786/agent.2786 /tmp/foobar
[jamie_beverly@vzhost jamie]$ ls -l /tmp/foobar
lrwxrwxrwx 1 nobody nobody 30 Jan 8 19:27 /tmp/foobar -> /tmp/ssh-fSqEcf2786/agent.2786
[jamie_beverly@vzhost jamie]$ echo $SSH_AUTH_SOCK
/tmp/foobar
[jamie_beverly@vzhost jamie]$ sudo -k echo hi
hi