On 2011-05-26 22:11, William Hopkins wrote: > On 05/26/11 at 07:31pm, Stanisław Findeisen wrote: >> pam_wheel lets you su to root without typing a password if you are a >> member of a specific group. >> >> I need a PAM module with more flexible applicant user / target user >> pairs management. For instance I'd like to be able to su with no >> password from user A to users B and C, but not to root. >> >> What is the way to do it? > > If you must use PAM, consider a usage of pam_listfile and an authorized list of target users, or setting sense=deny and blacklisting root specifically. Configuring multiple pam modules to work together may be necessary to meet every part of your requirement, and this can be complicated and invites serious study and testing prior to implementation. Hm, in pam_listfile man page I can't see any way to restrict *target* user set... -- Eisenbits - proven software solutions: http://www.eisenbits.com/ OpenPGP: E3D9 C030 88F5 D254 434C 6683 17DD 22A0 8A3B 5CC0
Attachment:
signature.asc
Description: OpenPGP digital signature