PDA

View Full Version : Strange behaviour of pam_wheel.so



Walter S
30-Aug-2011, 15:36
I added the line
Code:
--------------------
auth required pam_wheel.so use_uid
--------------------
to /etc/pam.d/su on SLES 11 (2.6.32.27-0.2 x86_64) which works fine
*except * if you run
Code:
--------------------
su -
--------------------

Background: We need to restrict usage of su to certain users, which is
impossible if "su -" is not affected by above entry in /etc/pam.d/su.
Upgrading to a newer kernel is not possible at the moment because there
are issues with the current kernel and certain 10G NICs.

I tested the same configuration on a Fedora 15 (2.6.40.3-0 x86_64)
where it worked as expected.


Any hints or workarounds are appreciated.


Walter


--
Walter_S
------------------------------------------------------------------------
Walter_S's Profile: http://forums.novell.com/member.php?userid=115997
View this thread: http://forums.novell.com/showthread.php?t=443920

amo vzug
31-Aug-2011, 09:26
Hi Walter

For this purpose you should also modify the file /etc/pam.d/su-l. This
file handles all commands like "su -" or "su - nobody" etc.
Regards
Tom


--
amo_vzug
------------------------------------------------------------------------
amo_vzug's Profile: http://forums.novell.com/member.php?userid=25342
View this thread: http://forums.novell.com/showthread.php?t=443920

Walter S
01-Sep-2011, 10:36
Ah, that did the trick.

Many thanks!

Walter


--
Walter_S
------------------------------------------------------------------------
Walter_S's Profile: http://forums.novell.com/member.php?userid=115997
View this thread: http://forums.novell.com/showthread.php?t=443920