witam, czy działa komuś poprawnie moduł capabilities do pam'a? u mnie
jest tak
[root@th ~]# rpm -qa pam*
pam-1.1.3-2.x86_64
pam-libs-1.1.3-2.x86_64
pam-pam_cap-2.20-1.x86_64
[root@th ~]# rpm -qa libcap*
libcap-devel-2.20-1.x86_64
libcap-ng-0.6.4-2.x86_64
libcap-ng-utils-0.6.4-2.x86_64
libcap-2.20-1.x86_64
libcap-libs-2.20-1.x86_64
[root@th ~]# grep -v ^# /etc/security/capability.conf | grep .
cap_sys_admin pawel
none *
[root@th ~]# grep -v ^# /etc/pam.d/system-auth | grep .
auth required pam_listfile.so item=user sense=deny
file=/etc/security/blacklist onerr=succeed
auth required pam_env.so*
auth required pam_cap.so*
auth required pam_tally.so deny=0
file=/var/log/faillog onerr=succeed
auth required pam_unix.so try_first_pass
account required pam_tally.so file=/var/log/faillog
onerr=succeed
account required pam_time.so
account required pam_unix.so
password required pam_cracklib.so try_first_pass difok=2
minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass sha512 shadow
use_authtok
password required pam_exec.so failok seteuid /usr/bin/make
-C /var/db
session optional pam_keyinit.so revoke
session required pam_limits.so change_uid
session [success=1 default=ignore] pam_succeed_if.so
service in crond quiet use_uid
session required pam_unix.so
samo zalogowanie się na dowolne konto kończy się tak:
[pawel@th ~]$ su -l pawel
Hasło:
Naruszenie ochrony pamięci
[pawel@th ~]$ su -
Hasło:
Naruszenie ochrony pamięci
[pawel@th ~]$
ktoś coś wie co jest popsute? pozdrawiam
_______________________________________________
pld-users-pl mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-users-pl
