
[solved] Re: Question on pam_access cron configuration



Just to finish this one:

My goal was to only use pam_access.so if the service was sshd or login.

This configuration in common-account achieves that:

account        [default=1 success=ignore] pam_succeed_if.so service in sshd:login quiet
account        required                        pam_access.so

Regards
Dominik

2012/8/1 Dominik Klein <dominik.klein@googlemail.com>:
> Well thank you for this delightful answer.
>
> Yes, one could configure something like
>
> + : nobody : crond
>
> But that is something I would like to avoid (which I stated in the
> first email) since that would imply having this config on 500+
> machines (each has the same access.conf)
>
> I am looking for the pam way to achieve this.
>
> Thanks
> Dominik
>
> 2012/8/1 emmanuel segura <emi2fast@gmail.com>:
>> man access.conf
>>
>> 2012/8/1 Dominik Klein <dominik.klein@googlemail.com>
>>>
>>> Hi
>>>
>>> I included pam_access in common-account in order to manage access to
>>> my machines.
>>>
>>> Now, cronjobs running as www-data or nobody cannot run because there
>>> is no entry in the access.conf - and I really don't want an entry for
>>> each cronjob.
>>>
>>> My approach on fixing this was to exclude common-account from
>>> /etc/pam.d/cron, but I still get
>>>
>>> CRON[pid]: pam_access(cron:account) access denied for user "nobody" from "cron"
>>>
>>> What's the correct (debian) way to deal with this situation?
>>>
>>> Regards
>>> Dominik
>>>
>>
>>
>>
>> --
>> this is my life and I live it for as long as God wills
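
Added example, not part of the original thread: a simplified Python model of how the two account lines from the top message are walked, next to the unconditional pam_access stack from the original question. The pam_unix entry, the allow-list standing in for access.conf, and all function names are assumptions made for illustration.

```python
# Simplified model of Linux-PAM account-stack evaluation (illustrative only).
REQUIRED = {"success": "ok", "default": "bad"}   # model of the "required" keyword
ALLOWED = {"root", "dominik"}                     # constructed stand-in for access.conf

def pam_unix(ctx):
    return "success"  # assumption: the account exists and is not expired

def pam_succeed_if_service(ctx, services):
    # "service in sshd:login": succeeds only when the calling service is listed
    return "success" if ctx["service"] in services.split(":") else "auth_err"

def pam_access(ctx, allowed):
    return "success" if ctx["user"] in allowed else "perm_denied"

def run_stack(stack, ctx):
    """Return (granted, modules_run) for one pass over the stack."""
    state, skip, ran = None, 0, []
    for control, module, args in stack:
        if skip:                       # a previous [..=N] jump skips this module
            skip -= 1
            continue
        ret = module(ctx, *args)
        ran.append(module.__name__)
        action = control.get(ret, control["default"])
        if isinstance(action, int):    # e.g. default=1: skip the next N modules
            skip = action
        elif action == "ok" and state is None:
            state = "ok"
        elif action == "bad":          # a failure is never overridden later
            state = "bad"
        # "ignore": the module's result has no effect on the outcome
    return state == "ok", ran          # no success vote at all counts as denied

# Stack from the question: pam_access applies to every service, cron included.
UNCONDITIONAL = [(REQUIRED, pam_unix, ()), (REQUIRED, pam_access, (ALLOWED,))]
# Stack from the solution: pam_access is only reached for sshd and login.
CONDITIONAL = [
    (REQUIRED, pam_unix, ()),
    ({"default": 1, "success": "ignore"}, pam_succeed_if_service, ("sshd:login",)),
    (REQUIRED, pam_access, (ALLOWED,)),
]

def check(stack, service, user):
    return run_stack(stack, {"service": service, "user": user})

if __name__ == "__main__":
    for svc, user in [("cron", "nobody"), ("sshd", "nobody"), ("sshd", "dominik")]:
        print(svc, user, check(CONDITIONAL, svc, user))
```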

