updates without password?

Mikkel L. Ellertson mikkel at infinity-ltd.com
Mon Feb 25 23:54:05 UTC 2008 

Valent Turkovic wrote:
> 2008/2/25 Mikkel L. Ellertson <mikkel at infinity-ltd.com>:
>> Valent Turkovic wrote:
>>  > 2008/2/22 Mikkel L. Ellertson <mikkel at infinity-ltd.com>:
>>  >> Valent Turkovic wrote:
>>  >>  > How can I configure pup so that it doesn't ask for root password every
>>  >>  > time I need to do an update?
>>  >>  >
>>  >>  One way would be to edit /etc/pam.d/pup and change it to something like:
>>  >>
>>  >>  #%PAM-1.0
>>  >>  auth            include         config-util
>>  >>  auth            sufficient      pam_console.so
>>  >>  account         include         config-util
>>  >>  session         include         config-util
>>  >>
>>  >>  I have not tested it, but it should let the "console owner" run pup
>>  >>  without a password. If it does not work, you can try exchanging the
>>  >>  two auth statements, but this is more of a security risk. (It
>>  >>  probably does not matter for a home system.)
>>  >
>>  > I wouldn't do this if it wasn't my personal home system...
>>  >
>>  > I did this and I'm waiting for updates to let you know if it works :)
>>  >
>>  > Thank you.
>>  >
>>  > Cheers,
>>  > Valent.
>>  >
>>  >
>>  Well, if I make it:
>>  #%PAM-1.0
>>
>> auth            sufficient      pam_console.so
>>  auth            include         config-util
>>
>> account         include         config-util
>>  session         include         config-util
>>
>>  I can run pup from the command line without it asking for root's
>>  password. So unless the applet is calling something different, it
>>  should work.
>>
>>
>>
>>  Mikkel
> 
> This doesn't work:
> 
> # cat /etc/pam.d/pup
> #%PAM-1.0
> auth            include         config-util
> auth            sufficient      pam_console.so
> account         include         config-util
> session         include         config-util
> 
> 
> but this works:
> 
> # cat /etc/pam.d/pup
> #%PAM-1.0
> auth            sufficient      pam_console.so
> auth            include         config-util
> account         include         config-util
> session         include         config-util
> 
> 
> I followed the previous post that had "auth            sufficient
> pam_console.so" as a second line but it only works if you put it as
> first line, as you wrote here...
> 
> Thanks!
> 
> Valent.
> 
I am glad to hear it. I was not sure if the first form would work. 
That is why I added "If it does not work, you can try exchanging the 
two auth statements" in the first message. I guess I should have 
been clearer in that message. I know just enough about how PAM does 
things to be dangerous.

Mikkel
-- 

   Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080225/fd084d27/attachment-0001.sig>

More information about the fedora-list mailing list