pam_access origins field confusion (or missing documentation?)

Brian Mathis brian.mathis+pam at betteradmin.com
Tue Jan 27 22:57:10 UTC 2015


I've been working on configuring pam_access to restrict access to cron
jobs.  There is an example config file included that contains this line:
    #+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6

However, nowhere in the documentation is it explained where the strings
'cron' and 'crond' come from.  The origins field is specified as containing
tty names, host names, domain names, host addresses, internet network
numbers, internet network addresses with network mask, ALL, or LOCAL.
Nowhere is it mentioned that other things can be in there, such as for cron.
Is this the service name?

I've looked through the source code in pam_access.c, and I'm not a C
programmer so it's hard to say, but I don't see anything specific to
'cron', (like if this were a special case), nor anything about service
names (though "service" is mentioned on line 873).

Can anyone explain where the "cron" part comes from?  I can see this being
useful for controlling access to other things if it is clear how to use
it.  I'm happy to submit documentation patches once it's been explained.


P.S. The example line above is also pretty bad since the :0 for X Windows
contains a ':', which is also the field separator, so it makes it look like
it's an additional undocumented fourth field in the line, only adding more
confusion to the undocumented use of 'cron crond'.

-- 
❧ Brian Mathis
@orev
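
How the sample line from the post splits into fields, as an added example (not part of the original post and not pam_access's own code). It assumes that only the first two ':' act as field separators and that the rest of the line is the whitespace-separated origins list; `parse_access_line` and `struct access_rule` are hypothetical names.

```c
#include <string.h>

#define MAX_ORIGINS 16

struct access_rule {              /* hypothetical type for this example */
    char *perm, *users;
    char *origins[MAX_ORIGINS];
    int n_origins;
};

/* Strip leading and trailing blanks in place. */
static char *trim(char *s)
{
    char *end;
    s += strspn(s, " \t");
    end = s + strlen(s);
    while (end > s && (end[-1] == ' ' || end[-1] == '\t'))
        end--;
    *end = '\0';
    return s;
}

/* Assumption: only the first two ':' separate fields; the remainder of the
 * line is the origins list. Modifies `line`. Returns 0, or -1 on bad input. */
int parse_access_line(char *line, struct access_rule *r)
{
    char *c1, *c2, *p;

    memset(r, 0, sizeof(*r));
    if (*line == '#')             /* accept the commented-out sample line */
        line++;
    if (!(c1 = strchr(line, ':')) || !(c2 = strchr(c1 + 1, ':')))
        return -1;                /* fewer than three fields */
    *c1 = *c2 = '\0';
    r->perm = trim(line);
    r->users = trim(c1 + 1);
    for (p = c2 + 1; r->n_origins < MAX_ORIGINS; ) {
        p += strspn(p, " \t\n");  /* skip blanks between origins */
        if (*p == '\0')
            break;
        r->origins[r->n_origins++] = p;
        p += strcspn(p, " \t\n");
        if (*p)
            *p++ = '\0';
    }
    return r->n_origins > 0 ? 0 : -1;
}
```

Under that assumption, the sample line yields permission `+`, user `root` and nine origins, with `:0` as the third origin rather than the start of a fourth field.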