1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/pam.d/su b/meta/recipes-extended/shadow/files/pam.d/su
new file mode 100644
index 0000000000..8e35137f37
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/su
@@ -0,0 +1,60 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+# This allows root to su without passwords (normal operation)
+auth       sufficient pam_rootok.so
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo"
+# to the end of this line if you want to use a group other
+# than the default "root" (but this may have side effect of
+# denying "root" user, unless she's a member of "foo" or explicitly
+# permitted earlier by e.g. "sufficient pam_rootok.so").
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth       required   pam_wheel.so
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth       sufficient pam_wheel.so trust
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth       required   pam_wheel.so deny group=nosu
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+# Defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+#
+# "nopen" stands to avoid reporting new mail when su'ing to another user
+session    optional   pam_mail.so nopen
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+# session    required   pam_limits.so
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth       include      common-auth
+account    include      common-account
+session    include      common-session

diff --git a/meta/recipes-extended/shadow/files/pam.d/su b/meta/recipes-extended/shadow/files/pam.d/su new file mode 100644 index 0000000000..8e35137f37 --- /dev/null +++ b/meta/recipes-extended/shadow/files/pam.d/su
@@ -0,0 +1,60 @@
	1	#
	2	# The PAM configuration file for the Shadow `su' service
	3	#
	4
	5	# This allows root to su without passwords (normal operation)
	6	auth sufficient pam_rootok.so
	7
	8	# Uncomment this to force users to be a member of group root
	9	# before they can use `su'. You can also add "group=foo"
	10	# to the end of this line if you want to use a group other
	11	# than the default "root" (but this may have side effect of
	12	# denying "root" user, unless she's a member of "foo" or explicitly
	13	# permitted earlier by e.g. "sufficient pam_rootok.so").
	14	# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
	15	# auth required pam_wheel.so
	16
	17	# Uncomment this if you want wheel members to be able to
	18	# su without a password.
	19	# auth sufficient pam_wheel.so trust
	20
	21	# Uncomment this if you want members of a specific group to not
	22	# be allowed to use su at all.
	23	# auth required pam_wheel.so deny group=nosu
	24
	25	# Uncomment and edit /etc/security/time.conf if you need to set
	26	# time restrainst on su usage.
	27	# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
	28	# as well as /etc/porttime)
	29	# account requisite pam_time.so
	30
	31	# This module parses environment configuration file(s)
	32	# and also allows you to use an extended config
	33	# file /etc/security/pam_env.conf.
	34	#
	35	# parsing /etc/environment needs "readenv=1"
	36	session required pam_env.so readenv=1
	37	# locale variables are also kept into /etc/default/locale in etch
	38	# reading this file in addition to /etc/environment does not hurt
	39	session required pam_env.so readenv=1 envfile=/etc/default/locale
	40
	41	# Defines the MAIL environment variable
	42	# However, userdel also needs MAIL_DIR and MAIL_FILE variables
	43	# in /etc/login.defs to make sure that removing a user
	44	# also removes the user's mail spool file.
	45	# See comments in /etc/login.defs
	46	#
	47	# "nopen" stands to avoid reporting new mail when su'ing to another user
	48	session optional pam_mail.so nopen
	49
	50	# Sets up user limits, please uncomment and read /etc/security/limits.conf
	51	# to enable this functionality.
	52	# (Replaces the use of /etc/limits in old login)
	53	# session required pam_limits.so
	54
	55	# The standard Unix authentication modules, used with
	56	# NIS (man nsswitch) as well as normal /etc/passwd and
	57	# /etc/shadow entries.
	58	auth include common-auth
	59	account include common-account
	60	session include common-session