API tools faq
paste
Advertisement
Guest User

/etc/pan-d/su

a guest
Jan 5th, 2022
801
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.37 KB | None | 0 0
raw download clone embed print report
  1. #
  2. # The PAM configuration file for the Shadow `su' service
  3. #
  4.  
  5. # This allows root to su without passwords (normal operation)
  6. auth sufficient pam_rootok.so
  7.  
  8. # Uncomment this to force users to be a member of group wheel
  9. # before they can use `su'. You can also add "group=foo"
  10. # to the end of this line if you want to use a group other
  11. # than the default "wheel" (but this may have side effect of
  12. # denying "root" user, unless she's a member of "foo" or explicitly
  13. # permitted earlier by e.g. "sufficient pam_rootok.so").
  14. # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
  15. # auth required pam_wheel.so
  16.  
  17. # Uncomment this if you want wheel members to be able to
  18. # su without a password.
  19. # auth sufficient pam_wheel.so trust
  20.  
  21. # Uncomment this if you want members of a specific group to not
  22. # be allowed to use su at all.
  23. # auth required pam_wheel.so deny group=nosu
  24.  
  25. # Uncomment and edit /etc/security/time.conf if you need to set
  26. # time restrainst on su usage.
  27. # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
  28. # as well as /etc/porttime)
  29. # account requisite pam_time.so
  30.  
  31. # This module parses environment configuration file(s)
  32. # and also allows you to use an extended config
  33. # file /etc/security/pam_env.conf.
  34. #
  35. # parsing /etc/environment needs "readenv=1"
  36. session required pam_env.so readenv=1
  37. # locale variables are also kept into /etc/default/locale in etch
  38. # reading this file *in addition to /etc/environment* does not hurt
  39. session required pam_env.so readenv=1 envfile=/etc/default/locale
  40.  
  41. # Defines the MAIL environment variable
  42. # However, userdel also needs MAIL_DIR and MAIL_FILE variables
  43. # in /etc/login.defs to make sure that removing a user
  44. # also removes the user's mail spool file.
  45. # See comments in /etc/login.defs
  46. #
  47. # "nopen" stands to avoid reporting new mail when su'ing to another user
  48. session optional pam_mail.so nopen
  49.  
  50. # Sets up user limits according to /etc/security/limits.conf
  51. # (Replaces the use of /etc/limits in old login)
  52. session required pam_limits.so
  53.  
  54. # inlude apparmor settings in this pam module
  55. session optional pam_apparmor.so order=group,user,default debug
  56.  
  57. # The standard Unix authentication modules, used with
  58. # NIS (man nsswitch) as well as normal /etc/passwd and
  59. # /etc/shadow entries.
  60. @include common-auth
  61. @include common-account
  62. @include common-session
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!