The Floppy Group - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual
Hide thumbs
Also See for ENTERPRISE LINUX 5 - DEPLOYMENT:
- Manual (402 pages) ,
- Configuration (86 pages) ,
- Overview (68 pages)
Table of Contents
Advertisement
Chapter 27. Console Access
cd /usr/bin ln -s consolehelper foo
2. Create the file /etc/security/console.apps/foo:
touch /etc/security/console.apps/foo
3. Create a PAM configuration file for the foo service in /etc/pam.d/. An easy way to do this is
to copy the PAM configuration file of the halt service, and then modify the copy if you want to
change the behavior:
cp /etc/pam.d/halt /etc/pam.d/foo
Now, when /usr/bin/foo is executed, consolehelper is called, which authenticates the user with
the help of /usr/sbin/userhelper. To authenticate the user, consolehelper asks for the user's
password if /etc/pam.d/foo is a copy of /etc/pam.d/halt (otherwise, it does precisely what is
specified in /etc/pam.d/foo) and then runs /usr/sbin/foo with root permissions.
In the PAM configuration file, an application can be configured to use the pam_timestamp module to
remember (or cache) a successful authentication attempt. When an application is started and proper
authentication is provided (the root password), a timestamp file is created. By default, a successful
authentication is cached for five minutes. During this time, any other application that is configured to
use pam_timestamp and run from the same session is automatically authenticated for the user — the
user does not have to enter the root password again.
This module is included in the pam package. To enable this feature, add the following lines to your
PAM configuration file in etc/pam.d/:
auth
include
account
include
session
include
These lines can be copied from any of the /etc/pam.d/system-config-* configuration files. Note
that these lines must be added below any other auth sufficient session optional lines in
your PAM configuration file.
If an application configured to use pam_timestamp is successfully authenticated from the
Applications (the main menu on the panel), the
panel if you are running the GNOME or KDE desktop environment. After the authentication expires
(the default is five minutes), the icon disappears.
The user can select to forget the cached authentication by clicking on the icon and selecting the option
to forget authentication.
27.6. The floppy Group
If, for whatever reason, console access is not appropriate for you and your non-root users require
access to your system's diskette drive, this can be done using the floppy group. Add the user(s) to
430
config-util
config-util
config-util
icon is displayed in the notification area of the
Advertisement
Table of Contents
Need help?
Do you have a question about the ENTERPRISE LINUX 5 - DEPLOYMENT and is the answer not in the manual?
Questions and answers