The pamelad program

pamelad is a helper program spawned by the pamela library at pam_start() time. It communicates with the main application process: it reads requests from it, performs the PAM calls, and returns the results to the application process.


pamelad is not meant to be called directly. It is an unexported program, i.e. a program that the package's library is supposed to find, but that users should not run. Ideally it is kept outside of users' PATH.

pamelad is declared as a libexec binary, so it will probably be installed in /usr/libexec/pamelad or /usr/lib/pamela/pamelad, depending on the admin/distribution's preferences.

pamelad is run with two arguments, which are the service_name and user arguments given to the pam_start() call. These arguments are visible in ps output, which is fine since this information is not confidential.

pamelad runs as the same uid and gid as the application. However, to increase security of applications running as root:

pamelad makes the real calls to Linux-PAM. Keep that in mind when configuring your PAM authorizations: if you're using the PAMELA_UID and PAMELA_GID variables, make sure the uid/gid are not used anywhere else, and give the proper PAM authorizations to that uid/gid pair instead of root.
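
The following deployment check is an added example, not part of pamela. It tests the two recommendations above: that pamelad is not reachable through a search path, and that the uid/gid pair chosen for PAMELA_UID and PAMELA_GID is not used elsewhere. The function names are hypothetical, and "used elsewhere" is interpreted here as the account database only (passwd and group files), not file ownership or running processes.

```shell
#!/bin/sh
# Added example, not part of pamela: deployment checks for pamelad.

# Print every pamelad executable reachable through the colon-separated
# search path $1. Returns 0 if at least one was found, 1 otherwise.
pamelad_in_path() {
    found=1
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        if [ -f "$dir/pamelad" ] && [ -x "$dir/pamelad" ]; then
            printf '%s\n' "$dir/pamelad"
            found=0
        fi
    done
    IFS=$old_ifs
    return "$found"
}

# Print one line per use of uid $1 or gid $2 beyond a single dedicated
# account, reading passwd-format file $3 and group-format file $4.
# Returns 0 if nothing was printed (the pair looks dedicated), 1 otherwise.
# Assumption: "dedicated" means one account, no sharing, no extra members.
shared_id_uses() {
    out=$(awk -F: -v uid="$1" -v gid="$2" '
        FNR == NR {                 # first file: passwd entries
            if ($3 == uid) {
                if (++n == 1) owner = $1
                else print "account " $1 " shares uid " uid
            } else if ($4 == gid)
                print "account " $1 " has primary gid " gid
            next
        }
        $3 == gid && $4 != "" && $4 != owner {   # second file: group entries
            print "group " $1 " has members: " $4
        }
        END { if (n == 0) print "no account has uid " uid }
    ' "$3" "$4")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

On a live system, call pamelad_in_path "$PATH" for each relevant user environment, and shared_id_uses with the chosen uid and gid against /etc/passwd and /etc/group.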