Bug 21467 - /etc/security/access.conf error in example
Summary: /etc/security/access.conf error in example
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam   
(Show other bugs)
Version: 7.0
Hardware: All Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
Depends On:
TreeView+ depends on / blocked
Reported: 2000-11-29 06:41 UTC by Mike McHenry
Modified: 2005-10-31 22:00 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-11-29 15:22:28 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Mike McHenry 2000-11-29 06:41:15 UTC
The example line in /etc/security/access.conf that disallows console 
access for any users except those in the wheel or root group does not work 
as is.

#-:ALL EXCEPT wheel shutdown sync:console

should instead be

#-:ALL EXCEPT wheel shutdown sync:LOCAL

Minor bug and it won't affect anyone unless they try to follow the example 
in which case things won't work as is. A comment in access.conf stating 
that the following line needs to be added to /etc/pam.d/login might be 
nice as well.

# If you want to use access.conf make sure to add the following line
# to /etc/pam.d/login
# account   required   /lib/security/pam_access.so

Also a comment in /etc/security/limits.conf to the same effect would be 

# If you want to use limits.conf make sure to add the following line
# to /etc/pam.d/login (and telnet and sshd if you use those services)
# session   required   /lib/security/pam_limits.so

Comment 1 Nalin Dahyabhai 2000-11-29 15:42:50 UTC
The example will be fixed in the upcoming errata.  The comments won't be added,
though, because we may start using pam_access for networked services by default
in the next release, and pam_limits is already used.  Thanks!

Note You need to log in before you can comment on or make changes to this bug.