[solved] Re: Question on pam_access cron configuration
Just to finish this one: My goal was to only use pam_access.so if the service was sshd or login. This configuration in common-account achieves that: account[default=1 success=ignore] pam_succeed_if.so service in sshd:login quiet accountrequiredpam_access.so Regards Dominik 2012/8/1 Dominik Klein : > Well thank you for this delightful answer. > > Yes, one could configure something like > > + : nobody : crond > > But that is something I would like to avoid (which I stated in the > first email) since that would imply having this config on 500+ > machines (each has the same access.conf) > > I am looking for the pam way to achieve this. > > Thanks > Dominik > > 2012/8/1 emmanuel segura : >> man access.conf >> >> 2012/8/1 Dominik Klein >>> >>> Hi >>> >>> I included pam_access in common-account in order to manage access to >>> my machines. >>> >>> Now, cronjobs running as www-data or nobody cannot run because there >>> is no entry in the access.conf - and I really don't want an entry for >>> each cronjob. >>> >>> My approach on fixing this was to exclude common-account from >>> /etc/pam.d/cron, but I still get >>> >>> CRON[pid]: pam_access(cron:account) access diened for user "nobody" from >>> "cron" >>> >>> What's the correct (debian) way to deal with this situation? >>> >>> Regards >>> Dominik >>> >>> >>> -- >>> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org >>> with a subject of "unsubscribe". Trouble? Contact >>> listmas...@lists.debian.org >>> Archive: >>> http://lists.debian.org/CAHY3NAYAyKoW=ly_knnbke20q0athqosfqqj0ugd2pg_7g7...@mail.gmail.com >>> >> >> >> >> -- >> esta es mi vida e me la vivo hasta que dios quiera -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cahy3naaohprggndrvdp3uifblytei4gzaq2bx5jzijbprxa...@mail.gmail.com
Re: Question on pam_access cron configuration
Well thank you for this delightful answer. Yes, one could configure something like + : nobody : crond But that is something I would like to avoid (which I stated in the first email) since that would imply having this config on 500+ machines (each has the same access.conf) I am looking for the pam way to achieve this. Thanks Dominik 2012/8/1 emmanuel segura : > man access.conf > > 2012/8/1 Dominik Klein >> >> Hi >> >> I included pam_access in common-account in order to manage access to >> my machines. >> >> Now, cronjobs running as www-data or nobody cannot run because there >> is no entry in the access.conf - and I really don't want an entry for >> each cronjob. >> >> My approach on fixing this was to exclude common-account from >> /etc/pam.d/cron, but I still get >> >> CRON[pid]: pam_access(cron:account) access diened for user "nobody" from >> "cron" >> >> What's the correct (debian) way to deal with this situation? >> >> Regards >> Dominik >> >> >> -- >> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org >> with a subject of "unsubscribe". Trouble? Contact >> listmas...@lists.debian.org >> Archive: >> http://lists.debian.org/CAHY3NAYAyKoW=ly_knnbke20q0athqosfqqj0ugd2pg_7g7...@mail.gmail.com >> > > > > -- > esta es mi vida e me la vivo hasta que dios quiera -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAHY3NAYxo0wK7qz=66lmoz3b2q0-c6wwnquj1aoq_ubnn3w...@mail.gmail.com
Question on pam_access cron configuration
Hi I included pam_access in common-account in order to manage access to my machines. Now, cronjobs running as www-data or nobody cannot run because there is no entry in the access.conf - and I really don't want an entry for each cronjob. My approach on fixing this was to exclude common-account from /etc/pam.d/cron, but I still get CRON[pid]: pam_access(cron:account) access diened for user "nobody" from "cron" What's the correct (debian) way to deal with this situation? Regards Dominik -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAHY3NAYAyKoW=ly_knnbke20q0athqosfqqj0ugd2pg_7g7...@mail.gmail.com