PageRenderTime 62ms CodeModel.GetById 40ms app.highlight 1ms RepoModel.GetById 19ms app.codeStats 0ms

/pam.d/su

http://github.com/brinkman83/bashrc
#! | 62 lines | 51 code | 11 blank | 0 comment | 0 complexity | 7309fb874571fe5447321b43448a50b3 MD5 | raw file
 1#
 2# The PAM configuration file for the Shadow `su' service
 3#
 4
 5# This allows root to su without passwords (normal operation)
 6auth       sufficient pam_rootok.so
 7
 8# Uncomment this to force users to be a member of group root
 9# before they can use `su'. You can also add "group=foo"
10# to the end of this line if you want to use a group other
11# than the default "root" (but this may have side effect of
12# denying "root" user, unless she's a member of "foo" or explicitly
13# permitted earlier by e.g. "sufficient pam_rootok.so").
14# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
15# auth       required   pam_wheel.so
16
17# Uncomment this if you want wheel members to be able to
18# su without a password.
19# auth       sufficient pam_wheel.so trust
20
21# Uncomment this if you want members of a specific group to not
22# be allowed to use su at all.
23# auth       required   pam_wheel.so deny group=nosu
24
25# Uncomment and edit /etc/security/time.conf if you need to set
26# time restrainst on su usage.
27# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
28# as well as /etc/porttime)
29# account    requisite  pam_time.so
30
31# This module parses environment configuration file(s)
32# and also allows you to use an extended config
33# file /etc/security/pam_env.conf.
34# 
35# parsing /etc/environment needs "readenv=1"
36session       required   pam_env.so readenv=1
37# locale variables are also kept into /etc/default/locale in etch
38# reading this file *in addition to /etc/environment* does not hurt
39session       required   pam_env.so readenv=1 envfile=/etc/default/locale
40
41# Defines the MAIL environment variable
42# However, userdel also needs MAIL_DIR and MAIL_FILE variables
43# in /etc/login.defs to make sure that removing a user 
44# also removes the user's mail spool file.
45# See comments in /etc/login.defs
46#
47# "nopen" stands to avoid reporting new mail when su'ing to another user
48session    optional   pam_mail.so nopen
49
50# Sets up user limits, please uncomment and read /etc/security/limits.conf
51# to enable this functionality.
52# (Replaces the use of /etc/limits in old login)
53# session    required   pam_limits.so
54
55# The standard Unix authentication modules, used with
56# NIS (man nsswitch) as well as normal /etc/passwd and
57# /etc/shadow entries.
58@include common-auth
59@include common-account
60@include common-session
61
62