|
There is an additional twist in the
authentication story that can cause considerable confusion if
not properly understood. This twist is caused by a concept
called Process Authentication Groups (PAGs).
A PAG is a group of UNIX processes (running
programs) defined by a starting process (such as a login shell
or a sub-shell) and all of the processes that were started by
that starting process. For example, when you log in remotely,
you are given a single UNIX shell (which displays the UNIX %
prompt for you and accepts commands). This shell, and all of the
programs that you execute or start within that shell, are part
of the same PAG, unless you explicitly create a new PAG.
When you log in to a UNIX machine locally using
the Xdm program, your .xsession file is executed
by a process. That process, and all of the programs that are
started by that process (including all the X applications that
are started in your .xsession file) are part of the same
PAG, unless you explicitly create a new PAG.
There is one special PAG, which we will call the
system PAG, which is the group of all processes that
aren’t part of another PAG. This will become important in a
moment. |