Chapter 7. Pluggable Authentication Modules (PAM)
117
7.8.1. Device Ownership
When a user logs into a machine under Red Hat Linux, the
pam_console.so
module is called by
login
or the graphical login programs, gdm and kdm. If this user is the first user to log in at the
physical console   called the console user   the module grants ownership of a variety of devices
normally owned by root. The console user owns these devices until the last local session for that user
ends. Once the user has logged out, ownership of the devices reverts back to their default values.
The devices affected include, but are not limited to, sound cards, floppy drives, and CD ROM drives.
This allows a local user to manipulate these devices without attaining root, thus simplifying common
tasks for the console user.
In the file
/etc/security/console.perms
, you can edit the list of devices controlled by
pam_console.so
.
7.8.2. Application Access
The console user is also allowed access to any program with a file bearing the command name in the
/etc/security/console.apps/
directory. These files do not need to contain any data, but must
have the exact name of the command to which they correspond.
One notable group of applications the console user has access to are three programs which shut off or
reboot the system. These are:
  /sbin/halt
  /sbin/reboot
  /sbin/poweroff
Because these are PAM aware applications, they call the
pam_console.so
as a requirement for use.
For more information see the man pages for
pam_console
,
console.perms
, and
console.apps
.
7.9. Additional Resources
Below is a list of information sources for using and configuring PAM on your system. In addition to
these sources, you should read the PAM configuration files on your system to better understand how
they are structured.
7.9.1. Installed Documentation
  pam
man page   Good introductory information on PAM, including the structure and purpose of
the PAM configuration files.
  /usr/share/doc/pam version number
  Contains a System Administrators' Guide, a Mod 
ule Writers' Manual, and an Application Developers' Manual. Also contains a copy of the PAM
standard, DCE RFC 86.0.
7.9.2. Useful Websites
http://www.kernel.org/pub/linux/libs/pam   The primary distribution website for the Linux PAM
project, containing information on various PAM modules, a FAQ, and additional PAM documenta 
tion.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

tomcat hosting

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved