Question regarding pam.conf

Amit Kumar k_amitcool at rediffmail.com
Sat Aug 29 17:05:30 UTC 2009


Hello Dan,

My requirements is when i do su -, only then group is checked.
Otherwise (i.e. su - user, where user is not part of group wheel), su - user should not be checked that rule and next module in stack is checked.

I know if it can be done using pam_group module.

Thanks
Amit

On Sat, 29 Aug 2009 18:28:38 +0530  wrote
>On 29.08.2009 15:42, Amit Kumar wrote:
> Thank you Dan.
>
> Just one more question, If i specify this -
> su auth requisite pam_group.so no_warn group=wheel fail_safe root_only
>
> PAM documentation says that above will be skipped if target user is root.
>
> However i tried ,su - tester (tester is not root and not part of wheel
> group), It denies. That's fine.
>
> Then i do su -, That is also denied.
>
> Do you have any insight into this behavior?
>
'root_only' means that only root is able to use su. If you want root to be able 
to use su without supplying the password, you should also specify 'su auth 
sufficient pam_rootok.so' line in front of pam_group.so line.
-- 

Sincerely Your, Dan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20090829/695a3135/attachment.htm>


More information about the Pam-list mailing list