- Re: Query about PAM
07-21-2005 05:04 PM
We use Tru64 and are migrating to Linux RHEL. Under T64 only users in the system group can su to root, while others can su to other accounts as long as they know the password.
We would like to allow the same in RHEL; however, the PAM solution, once enabled (i.e. pam_wheel.so use_id), results in no one being able to su except for users who are members of the wheel group. This defeats the purpose of allowing staff to be normal users who have the ability to su to oracle to act as DBAs.
We wish to have control over su to root, but not the whole distance. I was browsing somewhere that mentioned that this was a bug in PAM, or is it intended? And can the method that we want (i.e. only locking root out to wheel group members but allowing su to other accounts) be implemented in a simpler way (i.e. not using pam_listfiles.so, as this will create an admin headache)?
Any help would be good?
Robert.
07-21-2005 05:20 PM
Re: Query about PAM
auth required pam_wheel.so group=system use_uid
as the 2nd or 3rd line.
07-21-2005 05:32 PM
Re: Query about PAM
Placing group=system just means that members of system can su. It still doesn't fix the fact that unless you're a member of system you cannot su - full stop, end of story!
If I create an account called test and it has a password fred, then if I am not a member of the system group to su to root, I cannot su - test (password: fred); it returns su: incorrect password
I read an approach using listfiles and setting up individual groups and using listfiles and group membership to allow su, but that's a lot of mucking about, and when another group/user comes along then you have to set that one up as well.
Any ideas?
07-21-2005 05:33 PM
Solution
See
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161579
07-21-2005 05:58 PM
Re: Query about PAM
Looks like I have to wait until the fix in 0.77 (regress from 0.78) becomes available?
Robert.
07-21-2005 06:06 PM
Re: Query about PAM
Grab the FC4 pam-0.79 SRC RPMs, and compile them for RHEL4 using 'rpmbuild --rebuild ...'.
ftp://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/SRPMS/pam-0.79-9.src.rpm
.. and associated others (from ftp://download.fedora.redhat.com/pub/fedora/linux/core/4/SRPMS/pam-*-0.79-8.src.rpm ) if required.
I love a good cheat :P
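
Added example, not part of any post in this thread: a small audit that parses an su PAM stack and reports whether each active pam_wheel entry gates every su target (the behaviour described in the question) or only su to root. It assumes the pam_wheel option `root_only`, which Linux-PAM documents but the thread does not mention; check the pam_wheel man page for the installed build. The sample stack is constructed.

```python
# Added example: classify pam_wheel entries in an su PAM stack.
# SAMPLE_SU_STACK is constructed for illustration, not taken from the thread.
SAMPLE_SU_STACK = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
# auth     required     pam_wheel.so use_uid
auth       required     pam_wheel.so group=system use_uid
auth       include      system-auth
"""


def parse_pam_line(line):
    """Return (type, control, module, args) for one service-file line, else None."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 3:
        return None
    ptype, rest = tokens[0].lstrip("-"), tokens[1:]
    if rest[0].startswith("["):  # bracketed control: [success=1 default=ignore]
        end = next((i for i, t in enumerate(rest) if t.endswith("]")), None)
        if end is None or end + 1 >= len(rest):
            return None
        control, rest = " ".join(rest[: end + 1]), rest[end + 1:]
    else:
        control, rest = rest[0], rest[1:]
    return ptype, control, rest[0], rest[1:]


def audit_su_wheel(text):
    """List each active pam_wheel auth entry and which su targets it gates."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_pam_line(raw)
        if parsed is None:
            continue
        ptype, control, module, args = parsed
        if ptype != "auth" or not module.endswith("pam_wheel.so"):
            continue
        group = next((a.split("=", 1)[1] for a in args if a.startswith("group=")), "wheel")
        findings.append({
            "group": group,
            "control": control,
            # Assumption: root_only is honoured by the installed pam_wheel build.
            "scope": "root-only" if "root_only" in args else "all-targets",
            "flags": sorted(a for a in args if a in ("deny", "trust", "use_uid")),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_su_wheel(SAMPLE_SU_STACK):
        print(finding)
```

Run it against the contents of /etc/pam.d/su; an "all-targets" result on a required entry means non-members cannot su to any account, including service accounts such as oracle.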