Just to finish this one:
My goal was to only use pam_access.so if the service was sshd or login.
This configuration in common-account achieves that:
account[default=1 success=ignore] pam_succeed_if.so service in
sshd:login quiet
accountrequired
Hi
I included pam_access in common-account in order to manage access to
my machines.
Now, cronjobs running as www-data or nobody cannot run because there
is no entry in the access.conf - and I really don't want an entry for
each cronjob.
My approach on fixing this was to exclude common-account
Well thank you for this delightful answer.
Yes, one could configure something like
+ : nobody : crond
But that is something I would like to avoid (which I stated in the
first email) since that would imply having this config on 500+
machines (each has the same access.conf)
I am looking for the
3 matches
Mail list logo
