On Wed, Jun 01, 2011 at 12:43:46PM +0200, Stanisław Findeisen wrote:
> It looks that pam_listfile only allows to restrict *source* user set and
> *not* *target* user set.

That's not true at all. item=user *is* the target user set. (Source user set would be the seldom-used item=ruser.)

> Here's the debian-user discussion:
> http://lists.debian.org/debian-user/2011/05/msg02054.html

> Is there any way to do what I want?

As already suggested, sudo does seem to be a better fit for what you're trying to achieve. pam_listfile isn't going to give you any reasonable mapping for applicant / target user *pairs*; you only get "this list of users are allowed access to this other list of users".

> If I write a patch for pam_listfile, will you accept it to Debian?

No. It would have to go upstream first; but I'll say that such a patch is unlikely to be accepted.

> Where is the source code?

I think that's more of a question for debian-user anyway, but:

$ dpkg -S /lib/security/pam_listfile.so
libpam-modules: /lib/security/pam_listfile.so
$ debcheckout libpam-modules
declared bzr repository at nosmart+http://bzr.debian.org/bzr/pkg-pam/debian/sid/
bzr branch nosmart+http://bzr.debian.org/bzr/pkg-pam/debian/sid/ libpam-modules ...
[...]

> Or maybe that should be a new PAM module?

It could be. But I'm skeptical that such a module would be of widespread interest.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
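The item=user / item=ruser distinction from the message above, as an added configuration sketch that is not part of the original message or of the Debian packaging. It assumes the service is su (which sets PAM_RUSER to the invoking user), and the file paths and user names are hypothetical.

```conf
# /etc/pam.d/su (fragment; constructed example, paths are hypothetical)

# Source side: item=ruser matches PAM_RUSER, the user who invoked su.
auth  required  pam_listfile.so  item=ruser  sense=allow  onerr=fail  file=/etc/security/su-sources

# Target side: item=user matches PAM_USER, the account being switched to.
auth  required  pam_listfile.so  item=user   sense=allow  onerr=fail  file=/etc/security/su-targets

# /etc/security/su-sources      /etc/security/su-targets
#   alice                         postgres
#   bob                           www-data
#
# Both lines must pass, so the effective policy is the cross product:
#   alice -> postgres   allowed
#   alice -> www-data   allowed
#   bob   -> postgres   allowed
#   bob   -> www-data   allowed
# There is no way to say "alice may become postgres only, bob may become
# www-data only" with these two lists.
#
# onerr=fail makes a missing or unreadable list file deny access rather
# than silently allow it.

# /etc/sudoers.d/switch-users (edit with visudo -f)
# The per-pair mapping expressed in sudoers instead:
#   alice  ALL = (postgres) ALL
#   bob    ALL = (www-data) ALL
```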