Package: libpam-runtime
Followup-For: Bug #207394
X-Debbugs-Cc: [email protected]
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
To limit from where root can log in, I set in /etc/security/access.conf:
+:root:tty1
-:root:ALL
but when running: systemctl disable some_service, systemd prompts for the root
password
and succesfully runs the command.
As a fix I added "account required pam_access.so" to the top of
/etc/pam.d/common-auth,
this successfully prevents authentication via systemctl.
-- System Information:
Debian Release: forky/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.19.6+deb14-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libpam-runtime depends on:
ii debconf [debconf-2.0] 1.5.92
ii libpam-modules 1.7.0-5+b1
libpam-runtime recommends no packages.
libpam-runtime suggests no packages.
-- debconf information:
libpam-runtime/override: false
libpam-runtime/conflicts:
libpam-runtime/no_profiles_chosen:
libpam-runtime/profiles: unix, systemd
libpam-runtime/title:
