Re: pam_access and a .d directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2006-09-06 at 20:26 +0200, Thorsten Kukuk wrote:
> On Wed, Sep 06, seth vidal wrote:
> 
> > Hi,
> >  On our systems we use pam_access quite extensively. We have a base-set
> > of rules we apply to every server and then some servers require special
> > rules. We'd love to be able to use something like:
> > 
> > /etc/security/access.conf <-- default rules
> > /etc/security/access.conf.d/*.conf <-- additional rules concatenated
> > onto the end of the whole set.
> > 
> > Just like with all the other .d directory changes it would allow us to
> > drop a file onto the system to let that work w/o having to modify the
> > access.conf itself.
> 
> The problem is: the order is important, the first matched rule 
> found will be used. with a .d directory, you don't have this
> control anymore and you can get bad side effects, depending on at
> which time which files are created.

glob() returns found matches in sorted order, although LC_COLLATE should
be set to "C" temporarily, so the sorting order doesn't depend on
locale.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux