Page 1 of 1

PAM settings ...

Posted: 2018/02/08 17:46:17
by grdt
are there a command for to adjust the PAM settings?

Re: PAM settings ...

Posted: 2018/02/09 05:06:34
by hunter86_bg
Authconfig/authconfig-tui and the GUI baassed aolution can do that, but they are not designed to do it specifically for PAM.

What do you want to achieve?

Re: PAM settings ...

Posted: 2018/02/09 05:58:25
by grdt
ls -la /home/vpopmail/
total 4
drwx--x--x. 8 vpopmail vchkpw 80 Jan 31 11:37 .
drwxr-xr-x. 5 root root 50 Jan 31 13:32 ..
drwxr-xr-x. 2 vpopmail vchkpw 4096 Jan 31 11:37 bin
drwxr-xr-x. 4 vpopmail vchkpw 38 Jan 31 11:37 doc
drwx------. 3 vpopmail vchkpw 46 Jan 31 12:32 domains
drwxr-xr-x. 2 vpopmail vchkpw 102 Jan 31 12:34 etc
drwxr-xr-x. 2 vpopmail vchkpw 158 Jan 31 11:37 include
drwxr-xr-x. 2 vpopmail vchkpw 27 Jan 31 11:37 lib

You can see the 'dot' at the permissions string end

ls -lsZ /home/vpopmail/
total 4
drwxr-xr-x. vpopmail vchkpw unconfined_u:object_r:home_root_t:s0 bin
drwxr-xr-x. vpopmail vchkpw unconfined_u:object_r:home_root_t:s0 doc
drwx------. vpopmail vchkpw unconfined_u:object_r:home_root_t:s0 domains
drwxr-xr-x. vpopmail vchkpw unconfined_u:object_r:home_root_t:s0 etc
drwxr-xr-x. vpopmail vchkpw unconfined_u:object_r:home_root_t:s0 include
drwxr-xr-x. vpopmail vchkpw unconfined_u:object_r:home_root_t:s0 lib

Something is very bad here ... !?

Re: PAM settings ...

Posted: 2018/02/09 07:41:13
by grdt
I did a 'authconfig --test' on my system, and I get the following (among very many other things);

.
.
pam_mkhomedir or pam_oddjob_mkhomedir is disabled (umask=0077)


- But I will consult somebody who has deeper knowledge in here; otherwise my system may be spoilt.

Re: PAM settings ...

Posted: 2018/02/09 13:46:01
by jlehtone
info coreutils 'ls invocation' wrote: Following the file mode bits is a single character that specifies
whether an alternate access method such as an access control list
applies to the file. When the character following the file mode
bits is a space, there is no alternate access method. When it is a
printing character, then there is such a method.

GNU 'ls' uses a '.' character to indicate a file with an SELinux
security context, but no other alternate access method.

A file with any other combination of alternate access methods is
marked with a '+' character.
In other words, the manual page of command 'ls' does explain the meaning of the 'dot'.


The way you did present your problem ... take a look at:
http://xyproblem.info/
http://www.catb.org/esr/faqs/smart-questions.html