Re: Question on pam_access cron configuration
- To: firstname.lastname@example.org
- Subject: Re: Question on pam_access cron configuration
- From: Dominik Klein <email@example.com>
- Date: Wed, 1 Aug 2012 09:58:38 +0200
- Message-id: <CAHY3NAYxo0wK7qz=66LMOz3b2q0-c6wwNqUJ1aOq_UbnN3WiUg@mail.gmail.com>
- In-reply-to: <CAE7pJ3B=Q437TdWph0QJFSJt2=8EM1xZ+1JLz_7RX0SrpKjc6g@mail.gmail.com>
- References: <CAHY3NAYAyKoW=LY_KnNbKE20q0athqosfQqj0UGd2pg_7G7ZjQ@mail.gmail.com> <CAE7pJ3B=Q437TdWph0QJFSJt2=8EM1xZ+1JLz_7RX0SrpKjc6g@mail.gmail.com>
Well thank you for this delightful answer.
Yes, one could configure something like
+ : nobody : crond
But that is something I would like to avoid (which I stated in the
first email) since that would imply having this config on 500+
machines (each has the same access.conf)
I am looking for the pam way to achieve this.
2012/8/1 emmanuel segura <firstname.lastname@example.org>:
> man access.conf
> 2012/8/1 Dominik Klein <email@example.com>
>> I included pam_access in common-account in order to manage access to
>> my machines.
>> Now, cronjobs running as www-data or nobody cannot run because there
>> is no entry in the access.conf - and I really don't want an entry for
>> each cronjob.
>> My approach on fixing this was to exclude common-account from
>> /etc/pam.d/cron, but I still get
>> CRON[pid]: pam_access(cron:account) access diened for user "nobody" from
>> What's the correct (debian) way to deal with this situation?
>> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
> esta es mi vida e me la vivo hasta que dios quiera