pam_access origins field confusion (or missing documentation?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I've been working on configuring pam_access to restrict access to cron jobs.  There is an example config file included that contains this line:
    #+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6

However, nowhere in the documentation is it explained where the strings 'cron' and 'crond' come from.  The origins field is specified as containing tty names, host names, domain names, host addresses, internet network numbers, internet network addresses with network mask, ALL, or LOCAL.  Nowhere is it mentioned that other things can be in there, such as for cron is this the service name?

I've looked through the source code in pam_access.c, and I'm not a C programmer so it's hard to say, but I don't see anything specific to 'cron', (like if this were a special case), nor anything about service names (though "service" is mentioned on line 873).

Can anyone explain where the "cron" part comes from?  I can see this being useful for controlling access to other things if it is clear how to use it.  I'm happy to submit documentation patches once it's been explained.


P.S. The example line above is also pretty bad since the :0 for X Windows contains a ':', which is also the field separator, so it makes it look like it's an additional undocumented forth field in the line, only adding more confusion to the undocumented use of 'cron crond'.

--
❧ Brian Mathis
@orev

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux