LinuxQuestions.org


coolend 05-18-2004 05:56 AM

Two problems about "using pam to limit user login"
 
OS=RHEL 3 AS

Problem 1: use pam.wheel to limit users who can su to root

"/etc/pam.d/su" file content as follows:

auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_wheel.so use_uid group=admin
# only allow the members of "admin" group to su to root

auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so

Now suppose there are 3 users: alice, bob and courer.

# usermod -G admin alice
After the above setting, only alice can su to root, but bob cannot.
The question is: bob unexpectedly cannot su to a common user such as courer either.

Some information in /var/log/message:

PAM-Wheel[3873]: Access denied for 'bob' to 'courer'

Problem 2: use pam.limits to limit the system resource

"/etc/pam.d/login" file content as follows:

auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
session required pam_limits.so

"/etc/security/limits.conf" file content as follows:

alice - maxlogins 1
bob - maxlogins 2
courer - maxlogins 0

Then alice can log in 2 times at the same time, bob can log in 3 times at the same time, and courer cannot log in.

Why can't I allow only one person to log in at the same time?
N=n+1 (n>0) ?
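
The auth stack quoted under Problem 1, walked through in a small model (an added example, not part of the original post and not PAM's own code). It assumes that pam_wheel as configured checks only the calling user's group membership, which matches the log line above, and that the password check in system-auth succeeds; the group data is constructed.

```python
# Added example: minimal model of how the "auth" lines of /etc/pam.d/su
# are evaluated. Module behaviour is simplified and partly assumed.

SU_AUTH_STACK = """\
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_wheel.so use_uid group=admin
auth required /lib/security/pam_stack.so service=system-auth
"""

GROUPS = {"admin": {"alice"}}  # constructed: result of `usermod -G admin alice`


def pam_rootok(caller, target, args):
    return caller == "root"


def pam_wheel(caller, target, args):
    # With these arguments the check looks only at the calling user and the
    # named group; the target account is never consulted.
    group = next((a.split("=", 1)[1] for a in args if a.startswith("group=")), "wheel")
    return caller in GROUPS.get(group, set())


def pam_stack(caller, target, args):
    return True  # assumption: the password check in system-auth succeeds


MODULES = {"pam_rootok.so": pam_rootok, "pam_wheel.so": pam_wheel, "pam_stack.so": pam_stack}


def parse(stack_text, facility="auth"):
    """Yield (control, module file name, args) for each line of one facility."""
    for line in stack_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            yield fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]


def su_allowed(caller, target, stack_text=SU_AUTH_STACK):
    failed = False
    for control, module, args in parse(stack_text):
        ok = MODULES[module](caller, target, args)
        if control == "sufficient" and ok and not failed:
            return True    # stop early, later modules are skipped
        if control == "requisite" and not ok:
            return False   # stop early with failure
        if control == "required" and not ok:
            failed = True  # keep going, but the stack as a whole fails
    return not failed
```

In this model `su_allowed("bob", "courer")` is denied for the same reason as `su_allowed("bob", "root")`: the `required` pam_wheel line fails for any caller outside the admin group, whatever the target.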

DavidPhillips 06-03-2004 10:24 PM

woops

I misread the question. I have no answer for this problem

XavierP 06-04-2004 03:00 AM

Moved: This thread is more suitable in Linux-General and has been moved accordingly to help your thread/question get the exposure it deserves.

Is it me, or does this look like a homework question? Alice and Bob indeed.

DavidPhillips 06-04-2004 01:11 PM

I don't know, but it would seem you're asking for trouble doing this. I have seen that normally a user is showing as logged in more than once from normal use. You're going to end up getting into a lockout situation.

david@firedragon:~> users
david david


If it's remote shell access only you may be OK. If they are using X they will have trouble opening an xterm.

