Bug 21467 - /etc/security/access.conf error in example
/etc/security/access.conf error in example
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
7.0
All Linux
low Severity low
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-11-29 01:41 EST by Mike McHenry
Modified: 2005-10-31 17:00 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-29 10:22:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mike McHenry 2000-11-29 01:41:15 EST
The example line in /etc/security/access.conf that disallows console 
access for any users except those in the wheel or root group does not work 
as is.

#-:ALL EXCEPT wheel shutdown sync:console

should instead be

#-:ALL EXCEPT wheel shutdown sync:LOCAL


Minor bug and it won't affect anyone unless they try to follow the example 
in which case things won't work as is. A comment in access.conf stating 
that the following line needs to be added to /etc/pam.d/login might be 
nice as well.

# If you want to use access.conf make sure to add the following line
# to /etc/pam.d/login
#
# account   required   /lib/security/pam_access.so

Also a comment in /etc/security/limits.conf to the same effect would be 
nice.

# If you want to use limits.conf make sure to add the following line
# to /etc/pam.d/login (and telnet and sshd if you use those services)
#
# session   required   /lib/security/pam_limits.so
Comment 1 Nalin Dahyabhai 2000-11-29 10:42:50 EST
The example will be fixed in the upcoming errata.  The comments won't be added,
though, because we may start using pam_access for networked services by default
in the next release, and pam_limits is already used.  Thanks!

Note You need to log in before you can comment on or make changes to this bug.