[solved] Re: Question on pam_access cron configuration
Just to finish this one:
My goal was to only use pam_access.so if the service was sshd or login.
This configuration in common-account achieves that:
account [default=1 success=ignore] pam_succeed_if.so service in
account required pam_access.so
2012/8/1 Dominik Klein <firstname.lastname@example.org>:
> Well thank you for this delightful answer.
> Yes, one could configure something like
> + : nobody : crond
> But that is something I would like to avoid (which I stated in the
> first email) since that would imply having this config on 500+
> machines (each has the same access.conf)
> I am looking for the pam way to achieve this.
> 2012/8/1 emmanuel segura <email@example.com>:
>> man access.conf
>> 2012/8/1 Dominik Klein <firstname.lastname@example.org>
>>> I included pam_access in common-account in order to manage access to
>>> my machines.
>>> Now, cronjobs running as www-data or nobody cannot run because there
>>> is no entry in the access.conf - and I really don't want an entry for
>>> each cronjob.
>>> My approach on fixing this was to exclude common-account from
>>> /etc/pam.d/cron, but I still get
>>> CRON[pid]: pam_access(cron:account) access diened for user "nobody" from
>>> What's the correct (debian) way to deal with this situation?
>>> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>>> with a subject of "unsubscribe". Trouble? Contact
>> esta es mi vida e me la vivo hasta que dios quiera