mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-15 05:03:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
77825f8ae7656b185665e21c405015d2a052d2ed
poky/meta/recipes-extended/shadow/files/pam.d/su
Qiang Chen fedd84f7ee shadow: remove reference to locale env files from login and su 
/etc/default/locale missing message appears when login
and running su <user>

qemu0 login[4189]: pam_env(login:session): Unable to open env file: /etc/default/locale: No such file or directory
qemu0 login[4189]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)

qemu0 su[999]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory
qemu0 su[999]: pam_unix(su:session): session opened for user root by root(uid=0)

This commit remove reference from pam.d/login and pam.d/su
to /etc/default/locale env file to avoid the error messages
as RHEL, fedora does.

(From OE-Core rev: 010ffabfb8631bd4894cc3f1f6f0834f3279f30c)

Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-09 18:01:43 +00:00

2.1 KiB
Raw Blame History

The PAM configuration file for the Shadow `su' service

This allows root to su without passwords (normal operation)

auth sufficient pam_rootok.so

Uncomment this to force users to be a member of group root

before they can use `su'. You can also add "group=foo"

to the end of this line if you want to use a group other

than the default "root" (but this may have side effect of

denying "root" user, unless she's a member of "foo" or explicitly

permitted earlier by e.g. "sufficient pam_rootok.so").

(Replaces the `SU_WHEEL_ONLY' option from login.defs)

auth required pam_wheel.so

Uncomment this if you want wheel members to be able to

su without a password.

auth sufficient pam_wheel.so trust

Uncomment this if you want members of a specific group to not

be allowed to use su at all.

auth required pam_wheel.so deny group=nosu

Uncomment and edit /etc/security/time.conf if you need to set

time restrainst on su usage.

(Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs

as well as /etc/porttime)

account requisite pam_time.so

This module parses environment configuration file(s)

and also allows you to use an extended config

file /etc/security/pam_env.conf.

parsing /etc/environment needs "readenv=1"

session required pam_env.so readenv=1

Defines the MAIL environment variable

However, userdel also needs MAIL_DIR and MAIL_FILE variables

in /etc/login.defs to make sure that removing a user

also removes the user's mail spool file.

See comments in /etc/login.defs

"nopen" stands to avoid reporting new mail when su'ing to another user

session optional pam_mail.so nopen

Sets up user limits, please uncomment and read /etc/security/limits.conf

to enable this functionality.

(Replaces the use of /etc/limits in old login)

session required pam_limits.so

The standard Unix authentication modules, used with

NIS (man nsswitch) as well as normal /etc/passwd and

/etc/shadow entries.

auth include common-auth account include common-account session include common-session