summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/shadow/files/pam.d/su
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/shadow/files/pam.d/su')
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/su60
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/pam.d/su b/meta/recipes-extended/shadow/files/pam.d/su
new file mode 100644
index 0000000000..8e35137f37
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/su
@@ -0,0 +1,60 @@
1#
2# The PAM configuration file for the Shadow `su' service
3#
4
5# This allows root to su without passwords (normal operation)
6auth sufficient pam_rootok.so
7
8# Uncomment this to force users to be a member of group root
9# before they can use `su'. You can also add "group=foo"
10# to the end of this line if you want to use a group other
11# than the default "root" (but this may have side effect of
12# denying "root" user, unless she's a member of "foo" or explicitly
13# permitted earlier by e.g. "sufficient pam_rootok.so").
14# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
15# auth required pam_wheel.so
16
17# Uncomment this if you want wheel members to be able to
18# su without a password.
19# auth sufficient pam_wheel.so trust
20
21# Uncomment this if you want members of a specific group to not
22# be allowed to use su at all.
23# auth required pam_wheel.so deny group=nosu
24
25# Uncomment and edit /etc/security/time.conf if you need to set
26# time restrainst on su usage.
27# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
28# as well as /etc/porttime)
29# account requisite pam_time.so
30
31# This module parses environment configuration file(s)
32# and also allows you to use an extended config
33# file /etc/security/pam_env.conf.
34#
35# parsing /etc/environment needs "readenv=1"
36session required pam_env.so readenv=1
37# locale variables are also kept into /etc/default/locale in etch
38# reading this file *in addition to /etc/environment* does not hurt
39session required pam_env.so readenv=1 envfile=/etc/default/locale
40
41# Defines the MAIL environment variable
42# However, userdel also needs MAIL_DIR and MAIL_FILE variables
43# in /etc/login.defs to make sure that removing a user
44# also removes the user's mail spool file.
45# See comments in /etc/login.defs
46#
47# "nopen" stands to avoid reporting new mail when su'ing to another user
48session optional pam_mail.so nopen
49
50# Sets up user limits, please uncomment and read /etc/security/limits.conf
51# to enable this functionality.
52# (Replaces the use of /etc/limits in old login)
53# session required pam_limits.so
54
55# The standard Unix authentication modules, used with
56# NIS (man nsswitch) as well as normal /etc/passwd and
57# /etc/shadow entries.
58auth include common-auth
59account include common-account
60session include common-session