Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I want to run some scripts from in the pam stack using pam_exec. I've got it all set up and working by adding suitable entries in to /etc/pam.d/common-auth and /etc/pam.d/common-session. However in both those files there are comments which read
Code:
# This file is autogenerated by pam-config. All changes
# will be overwritten.
This makes me concerned that what I've added to the files might get lost.
I had a look at pam-config and found it only works for supported modules. For no reason that I've been able to determine, pam_exec is not one of those modules despite it being included in the pam package.
Anyone know how I can put a pam_exec call in to common- files in a way which means that pam-config won't wipe it out should it be run for whatever reason?
I'm using SLED but it's the same deal with openSUSE.
It is very safe to put things into those config files and many places do this.
We so this for our University Lab based machines so as to provide logins to students, and have their remote data sub-directory (shared with other window lab machines) automatically mounted (while we have a copy of their password to do so).
The pam-config stuff is very very rarely run, and generally only done once when the machine is first configured, or a major OS upgrade is performed. In OpenSUSE, as long as you don't get it to re-configure login methods (LDAP, Active Directory, Kerberios, etc) it should never do that re-configuration.
Just keep a backup copy of the original (before your changes) and another of your current changes, just in case accidents happen. The pam-config will probably also make extra backups when it runs as well, but I would not trust it to keep its backup if it gets run twice by some novice system administrator.
The KEY to this type of change is... documentation... and logging of changes made to the system so that if you want to figure out what you (or others) have done, or want to re-build the system from scratch, you have the information to do so.
All users who have ever re-installed a computer (and even people that don't) should have as a minimum a log of the changes they made to the OS. It makes life a lot easier 3 years later when you are installing the next OS! Every computer should have a log of exactly how that computer was set up (if not why)!
We so this for our University Lab based machines so as to provide logins to students, and have their remote data sub-directory (shared with other window lab machines) automatically mounted (while we have a copy of their password to do so).
I'm using it for much the same thing.
Quote:
Originally Posted by A.Thyssen
The pam-config stuff is very very rarely run, and generally only done once when the machine is first configured, or a major OS upgrade is performed. In OpenSUSE, as long as you don't get it to re-configure login methods (LDAP, Active Directory, Kerberios, etc) it should never do that re-configuration.
Sounds good.
I had a feeling that was the case but couldn't find any documentation on the circumstances under which pam-config gets run.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.