How does SSH become an arbitrary user without effective root?
SSH should not become a different user; it should call something like `/bin/login` which uses PAM for authentication and is capable of starting user sessions.
SSH should not become a different user; it should call something like `/bin/login` which uses PAM for authentication and is capable of starting user sessions.