:: [devuan-dev] bug#805: openrc: super…
Página Principal
Delete this message
Reply to this message
Autor: Mark Hindley
Data:  
Para: meow
CC: 805
Assunto: [devuan-dev] bug#805: openrc: supervise-daemon: missing PAM configuration
Hi,

On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote:
>    Yes, you’re right, it should be included in the configuration file.
>    /etc/pam.d/supervise-daemon:
>    #%PAM-1.0
>    auth            required        pam_permit.so
>    account         required        pam_permit.so
>    password        required        pam_deny.so
>    session         optional        pam_limits.so
>    @include common-account
>    @include common-session-nointeractive
>    use 'common-*' incorrectly. we only need common-account and
>    common-session-nointetactive.


This is different to what I suggested.

I think

>    auth            required        pam_permit.so
>    account         required        pam_permit.so


Should be *replaced* by

@include common-auth
@include common-account

And

>    session         optional        pam_limits.so


should be after

@include common-session-nointetactive

That makes the whole config

#%PAM-1.0
password        required        pam_deny.so
@include common-account
@include common-account
@include common-session-nointeractive
session         optional        pam_limits.so


Is that better?

If you have improvements, please provide the reasoning as well.

Thanks

Mark