[Pkg-shadow-devel] Re: [Pkg-shadow-commits] r555 - trunk/debian
Alexander Gattin
xrgtn at yandex.ru
Fri Sep 30 22:53:18 UTC 2005
On Sat, Oct 01, 2005 at 01:36:56AM +0300, Alexander Gattin wrote:
> On Fri, Sep 30, 2005 at 09:48:42PM +0000, Nicolas FRANCOIS wrote:
> > Also documents that with 'pam_wheel.so group=foo', root may need to
> > be in the foo group.
>
> maybe the next:
> # Uncomment this to force users to be a member of group "root"
> # before they can use `su'. You can also add "group=foo" to
> # to the end of this line if you want to use a group other
> # than the default "root".
> # Note that "root" user is also checked by pam_wheel and may
> # as well be denied access unless she's a member of "foo" or
> # explicilty permitted earlier by e.g. "sufficient
> # pam_rootok.so".
> # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
> # auth required pam_wheel.so
>
> ???
First time when I read your comment (you may want
to add root to this group if you don't use the pam_rootok
module earlier) I felt strong association with
"pam_wheel.so trust"...
Also I dislike my the above version too -- maybe we
just should add that pam_wheel may deny "root" user too
(by group membership criteria)?
> --
> WBR,
> xrgtn
More information about the Pkg-shadow-devel
mailing list