No, there are nuances. for example, the PAM access module.
if you turn it on, supervise-daemon stops working correctly.
On November 26, 2023 9:07:28 AM UTC, Mark Hindley <mark@???> wrote:
>Hi,
>
>On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote:
>> Yes, you’re right, it should be included in the configuration file.
>> /etc/pam.d/supervise-daemon:
>> #%PAM-1.0
>> auth required pam_permit.so
>> account required pam_permit.so
>> password required pam_deny.so
>> session optional pam_limits.so
>> @include common-account
>> @include common-session-nointeractive
>> use 'common-*' incorrectly. we only need common-account and
>> common-session-nointetactive.
>
>This is different to what I suggested.
>
>I think
>
>> auth required pam_permit.so
>> account required pam_permit.so
>
>Should be *replaced* by
>
>@include common-auth
>@include common-account
>
>And
>
>> session optional pam_limits.so
>
>should be after
>
>@include common-session-nointetactive
>
>That makes the whole config
>
>#%PAM-1.0
>password required pam_deny.so
>@include common-account
>@include common-account
>@include common-session-nointeractive
>session optional pam_limits.so
>
>Is that better?
>
>If you have improvements, please provide the reasoning as well.
>
>Thanks
>
>Mark