author | Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> | 2019-09-16 17:17:49 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-16 17:17:49 +0200 |
commit | 65d6735c5949ec233df9813f734e918a93fa36cf (patch) | |
tree | c147e1f9ab27479abb3e2be94a2969aad6d87b68 /modules/pam_securetty/pam_securetty.8.xml | |
parent | 3a3e70739834cd5cbd17469907ef718c81ae40c0 (diff) |
Add support for a vendor directory and libeconf (#136)
With this, it is possible for Linux distributors to store their
supplied default configuration files somewhere below /usr, while
/etc only contains the changes made by the user. The new option
--enable-vendordir defines where Linux-PAM should additionally look
for pam.d/*, login.defs and securetty if these files are not in /etc.
libeconf is a key/value configuration file reading library, which
handles the split of configuration files in different locations
and merges them transparently for the application.
Diffstat (limited to 'modules/pam_securetty/pam_securetty.8.xml')
-rw-r--r-- | modules/pam_securetty/pam_securetty.8.xml | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml index 48215f5f..b5e83691 100644 --- a/modules/pam_securetty/pam_securetty.8.xml +++ b/modules/pam_securetty/pam_securetty.8.xml @@ -31,9 +31,12 @@ <para> pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing - in <filename>/etc/securetty</filename>. pam_securetty also checks - to make sure that <filename>/etc/securetty</filename> is a plain - file and not world writable. It will also allow root logins on + in the <filename>securetty</filename> file. pam_securetty checks at + first, if <filename>/etc/securetty</filename> exists. If not and + it was built with vendordir support, it will use + <filename>%vendordir%/securetty</filename>. pam_securetty also + checks that the <filename>securetty</filename> files are plain + files and not world writable. It will also allow root logins on the tty specified with <option>console=</option> switch on the kernel command line and on ttys from the <filename>/sys/class/tty/console/active</filename>. @@ -73,7 +76,7 @@ Do not automatically allow root logins on the kernel console device, as specified on the kernel command line or by the sys file, if it is not also specified in the - <filename>/etc/securetty</filename> file. + <filename>securetty</filename> file. </para> </listitem> </varlistentry> @@ -106,7 +109,7 @@ <para> Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the - <filename>/etc/securetty</filename> file is world writable or + <filename>securetty</filename> file is world writable or not a normal file. </para> </listitem> @@ -127,7 +130,7 @@ <para> An error occurred while the module was determining the user's name or tty, or the module could not open - <filename>/etc/securetty</filename>. + the <filename>securetty</filename> file. </para> </listitem> </varlistentry> |
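Review bot: In the first hunk (@@ -31,9 +31,12), the added text "pam_securetty checks at first, if /etc/securetty exists. If not ..." defines the fallback only for a missing file and does not say what happens when /etc/securetty exists but is world writable or not a plain file. Please state whether %vendordir%/securetty is consulted in that case, since that decides whether a bad /etc/securetty leads to rejection or to the vendor list being used. The plural "the securetty files are plain files" also reads as if both files are checked, while the preceding sentences say only one is used; "the securetty file it uses is a plain file" would match. Wording: "first checks whether" reads better than "checks at first, if". This diff is limited to the XML, so please confirm that the literal %vendordir% is substituted with the configured path when the page is built.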
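Review bot: In the third hunk (@@ -106,7 +109,7), replacing "/etc/securetty" with a bare "securetty" in the "Authentication is rejected" entry removes the only hint about which file to inspect when a root login is refused. Suggest wording such as "the securetty file in use (/etc/securetty or %vendordir%/securetty) is world writable or not a normal file", so the entry still points at a concrete path. The same applies to the noconsole text changed in the second hunk.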
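Review bot: In the last hunk (@@ -127,7 +130,7), "the module could not open the securetty file" is now ambiguous with the fallback described in the first hunk: it is not documented whether this error is returned when /etc/securetty is missing and no vendor file exists, or only when the selected file exists but cannot be opened. Please say which, and name both candidate paths, so the return value can be mapped to a cause.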