Bug 21467 - /etc/security/access.conf error in example
Summary: /etc/security/access.conf error in example
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam   
(Show other bugs)
Version: 7.0
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-11-29 06:41 UTC by Mike McHenry
Modified: 2005-10-31 22:00 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-29 15:22:28 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Mike McHenry 2000-11-29 06:41:15 UTC
The example line in /etc/security/access.conf that disallows console 
access for any users except those in the wheel or root group does not work 
as is.

#-:ALL EXCEPT wheel shutdown sync:console

should instead be

#-:ALL EXCEPT wheel shutdown sync:LOCAL


Minor bug and it won't affect anyone unless they try to follow the example 
in which case things won't work as is. A comment in access.conf stating 
that the following line needs to be added to /etc/pam.d/login might be 
nice as well.

# If you want to use access.conf make sure to add the following line
# to /etc/pam.d/login
#
# account   required   /lib/security/pam_access.so

Also a comment in /etc/security/limits.conf to the same effect would be 
nice.

# If you want to use limits.conf make sure to add the following line
# to /etc/pam.d/login (and telnet and sshd if you use those services)
#
# session   required   /lib/security/pam_limits.so

Comment 1 Nalin Dahyabhai 2000-11-29 15:42:50 UTC
The example will be fixed in the upcoming errata.  The comments won't be added,
though, because we may start using pam_access for networked services by default
in the next release, and pam_limits is already used.  Thanks!


Note You need to log in before you can comment on or make changes to this bug.