Two problems about "using pam to limit user login"
OS: RHEL 3 AS
Problem 1: use pam.wheel to limit users who can su to root

"/etc/pam.d/su" file content as follows:

    auth       sufficient   /lib/security/pam_rootok.so
    auth       required     /lib/security/pam_wheel.so use_uid group=admin   # only allow the members of "admin" group to su to root
    auth       required     /lib/security/pam_stack.so service=system-auth
    account    required     /lib/security/pam_stack.so service=system-auth
    password   required     /lib/security/pam_stack.so service=system-auth
    session    required     /lib/security/pam_stack.so service=system-auth
    session    optional     /lib/security/pam_xauth.so

Now we suppose there are 3 users; they are: alice, bob and courer.

    # usermod -G admin alice

After the above setting, only alice can su to root, but bob cannot. The question is: bob unexpectedly cannot su to a common user such as courer either. Some information in /var/log/message:

    PAM-Wheel[3873]: Access denied for 'bob' to 'courer'

Problem 2: use pam.limits to limit the system resource

"/etc/pam.d/login" file content as follows:

    auth       required     pam_securetty.so
    auth       required     pam_stack.so service=system-auth
    auth       required     pam_nologin.so
    account    required     pam_stack.so service=system-auth
    password   required     pam_stack.so service=system-auth
    session    required     pam_stack.so service=system-auth
    session    optional     pam_console.so
    session    required     pam_limits.so

"/etc/security/limits.conf" file content as follows:

    alice   -   maxlogins   1
    bob     -   maxlogins   2
    courer  -   maxlogins   0

Then 2 alice can log in at the same time, 3 bob can log in at the same time, and courer cannot log in. Why can't I allow only one person to log in at the same time? N=n+1 (n>0)?
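Why the posted /etc/pam.d/su stack denies bob for every target, modelled as an added example (not part of the original post and not PAM's own code): a simplified evaluator for the `sufficient` and `required` control flags. The UIDs, the assumption that the password is typed correctly, and the use of pam_wheel's `root_only` option (documented for pam_wheel in Linux-PAM; whether the RHEL 3 build has it is not stated in the thread) are assumptions.

```python
# Simplified model of PAM "auth" stack evaluation (added example, not libpam).
GROUPS = {"admin": {"alice"}}   # constructed: state after `usermod -G admin alice`
UIDS = {"root": 0, "alice": 500, "bob": 501, "courer": 502}   # constructed UIDs

def pam_rootok(caller, target, opts):
    return UIDS[caller] == 0            # passes only if the caller is already root

def pam_wheel(caller, target, opts):
    if "root_only" in opts and UIDS[target] != 0:
        return None                     # modelled PAM_IGNORE: no opinion on non-root targets
    group = next((o[6:] for o in opts if o.startswith("group=")), "wheel")
    return caller in GROUPS.get(group, set())

def pam_stack(caller, target, opts):
    return True                         # assumption: system-auth accepts the password

def authenticate(stack, caller, target):
    failed = False
    for control, module, opts in stack:
        result = module(caller, target, opts)
        if result is None:
            continue                    # ignored modules do not affect the outcome
        if control == "sufficient" and result and not failed:
            return True                 # success ends the stack early
        if control == "required" and not result:
            failed = True               # failure is final, later modules still run
    return not failed

def su_stack(wheel_opts):
    return [("sufficient", pam_rootok, []),
            ("required", pam_wheel, wheel_opts),
            ("required", pam_stack, ["service=system-auth"])]

AS_POSTED = su_stack(["use_uid", "group=admin"])
WITH_ROOT_ONLY = su_stack(["use_uid", "group=admin", "root_only"])

if __name__ == "__main__":
    for name, stack in (("as posted", AS_POSTED), ("with root_only", WITH_ROOT_ONLY)):
        for caller, target in (("alice", "root"), ("bob", "root"), ("bob", "courer")):
            verdict = "allowed" if authenticate(stack, caller, target) else "denied"
            print(f"{name:15} {caller} -> {target}: {verdict}")
```

In the posted stack the `required` pam_wheel line runs for every su, whatever the target, so a caller outside `admin` fails before the target account is ever considered.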
woops
I misread the question. I have no answer for this problem.
Moved: This thread is more suitable in Linux-General and has been moved accordingly to help your thread/question get the exposure it deserves.
Is it me, or does this look like a homework question? Alice and Bob indeed.
I don't know, but it would seem you're asking for trouble doing this. I have seen that normally a user is showing as logged in more than once from normal use. You're going to end up getting into a lockout situation.

    david@firedragon:~> users
    david david

If it's remote shell access only you may be OK. If they are using X they will have trouble opening an xterm.