Installation guide
Chapter 7. Pluggable Authentication Modules (PAM)
7.8.1. Device Ownership
When a user logs into a machine under Red Hat Linux, the pam_console.so module is called by
login or the graphical login programs, gdm and kdm. If this user is the first user to log in at the
physical console — called the console user — the module grants ownership of a variety of devices
normally owned by root. The console user owns these devices until the last local session for that user
ends. Once the user has logged out, ownership of the devices reverts to the default values.
The devices affected include, but are not limited to, sound cards, floppy drives, and CD-ROM drives.
This allows a local user to manipulate these devices without attaining root, thus simplifying common
tasks for the console user.
In the file /etc/security/console.perms, you can edit the list of devices controlled by
pam_console.so.
7.8.2. Application Access
The console user is also allowed access to any program with a file bearing the command name in the
/etc/security/console.apps/ directory. These files do not need to contain any data, but must
have the exact name of the command to which they correspond.
One notable group of applications the console user has access to is the three programs that shut off
or reboot the system. These are:
• /sbin/halt
• /sbin/reboot
• /sbin/poweroff
Because these are PAM-aware applications, they call the pam_console.so module as a requirement for use.
For more information see the man pages for pam_console, console.perms, and console.apps.
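As an added example (not part of the original guide), the shell function below audits a console.apps-style directory: because each file name there grants the console user access to the command of the same name, it flags names outside an expected list and files that are group- or world-writable. The function name, the sample directory and the custom-tool entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a console.apps-style directory.
# Usage: audit_console_apps DIR EXPECTED_COMMAND...
# Prints "<verdict> <name>" per entry; returns 1 if anything needs review.
audit_console_apps() {
    dir=$1; shift
    allowed=" $* "              # space-padded so names must match exactly
    bad=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue # empty directory: the glob stays literal
        name=${f##*/}
        case "$allowed" in
            *" $name "*) verdict=ok ;;
            *) verdict=unexpected; bad=1 ;;
        esac
        # The file's presence is what grants access, so only its owner should
        # be able to modify it: check the group (col 6) and other (col 9)
        # write bits. "writable" takes precedence over the name verdict.
        perms=$(ls -ldL "$f" | cut -c1-10)
        case "$perms" in
            ?????w*|????????w*) verdict=writable; bad=1 ;;
        esac
        printf '%s %s\n' "$verdict" "$name"
    done
    return "$bad"
}

# Constructed sample directory (assumption: stands in for
# /etc/security/console.apps/; "custom-tool" is a made-up entry).
sample=$(mktemp -d)
touch "$sample/halt" "$sample/reboot" "$sample/poweroff" "$sample/custom-tool"
chmod 644 "$sample"/*
audit_console_apps "$sample" halt reboot poweroff || echo "review the entries above"
rm -rf "$sample"
```

On a real system, pass /etc/security/console.apps/ as the directory and list the commands you expect the console user to be able to run.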
7.9. Additional Resources
Below is a list of information sources for using and configuring PAM on your system. In addition to
these sources, you should read the PAM configuration files on your system to better understand how
they are structured.
7.9.1. Installed Documentation
• pam man page — Good introductory information on PAM, including the structure and purpose of
the PAM configuration files.
• /usr/share/doc/pam-version-number — Contains a System Administrators’ Guide, a
Module Writers’ Manual, and an Application Developers’ Manual. Also contains a copy of the PAM
standard, DCE-RFC 86.0.
7.9.2. Useful Websites
• http://www.kernel.org/pub/linux/libs/pam — The primary distribution website for the Linux-PAM
project, containing information on various PAM modules, a FAQ, and additional PAM
documentation.