Bug 21467

Summary: /etc/security/access.conf error in example
Product: [Retired] Red Hat Linux
Reporter: Mike McHenry <mmchenry>
Component: pam
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE
QA Contact: Aaron Brown <abrown>
Severity: low
Priority: low
Version: 7.0
CC: dr
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2000-11-29 15:22:28 UTC

Description Mike McHenry 2000-11-29 06:41:15 UTC
The example line in /etc/security/access.conf that disallows console 
access for any users except those in the wheel or root group does not work 
as is.

#-:ALL EXCEPT wheel shutdown sync:console

should instead be

#-:ALL EXCEPT wheel shutdown sync:LOCAL


Minor bug and it won't affect anyone unless they try to follow the example 
in which case things won't work as is. A comment in access.conf stating 
that the following line needs to be added to /etc/pam.d/login might be 
nice as well.

# If you want to use access.conf make sure to add the following line
# to /etc/pam.d/login
#
# account   required   /lib/security/pam_access.so

Also a comment in /etc/security/limits.conf to the same effect would be 
nice.

# If you want to use limits.conf make sure to add the following line
# to /etc/pam.d/login (and telnet and sshd if you use those services)
#
# session   required   /lib/security/pam_limits.so

Comment 1 Nalin Dahyabhai 2000-11-29 15:42:50 UTC
The example will be fixed in the upcoming errata.  The comments won't be added,
though, because we may start using pam_access for networked services by default
in the next release, and pam_limits is already used.  Thanks!
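
The description notes that rules in access.conf and limits.conf are only enforced for a service whose file under /etc/pam.d loads the matching module. The following is an added example, not part of the bug report or the pam package, that lists services missing that line; the function names and the sample files it builds in a temporary directory are constructed for illustration, and it reads only the service file itself.

```shell
#!/bin/sh
# Added example, not from the bug report. Reports PAM services that do not load
# the module that enforces a config file which contains active rules.
# Assumption: only the service file itself is read; include/substack
# directives used by newer PAM layouts are not followed.

# has_active_rules FILE: true if FILE has a line that is neither blank nor a comment.
has_active_rules() {
    grep -Eq '^[[:space:]]*[^#[:space:]]' "$1"
}

# unwired_services CONF MODULE TYPE PAMDIR SERVICE...
# Prints each SERVICE whose PAMDIR/SERVICE lacks an uncommented "TYPE ... MODULE"
# line while CONF has active rules. Returns 1 if any were printed, else 0.
unwired_services() {
    conf=$1; module=$2; type=$3; pamdir=$4; shift 4
    has_active_rules "$conf" || return 0
    rc=0
    for svc in "$@"; do
        [ -f "$pamdir/$svc" ] || continue
        if ! grep -Eq "^[[:space:]]*-?${type}[[:space:]].*${module}" "$pamdir/$svc"; then
            echo "$svc"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the corrected rule from the report, uncommented, plus two
# PAM service files of which only sshd loads pam_access.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/pam.d"
    printf '%s\n' '# sample' '-:ALL EXCEPT wheel shutdown sync:LOCAL' > "$d/access.conf"
    printf '%s\n' 'auth required /lib/security/pam_unix.so' \
        '# account required /lib/security/pam_access.so' > "$d/pam.d/login"
    printf '%s\n' 'account   required   /lib/security/pam_access.so' > "$d/pam.d/sshd"
    echo "$d"
}

# Demo run against the constructed sample (prints "login").
sample=$(make_sample)
unwired_services "$sample/access.conf" 'pam_access\.so' account "$sample/pam.d" login sshd \
    || echo "services above ignore $sample/access.conf" >&2
rm -rf "$sample"
```

For limits.conf the same function applies with `'pam_limits\.so'` and type `session`.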