[systemd-devel] user slice changes for uid ranges

Mantas Mikulėnas grawity at gmail.com
Tue Oct 1 08:45:28 UTC 2019


On Tue, Oct 1, 2019 at 11:19 AM Stijn De Weirdt <stijn.deweirdt at ugent.be>
wrote:

> hello mantas, jeremy, all,
>
>
> wrt the pam script magic, i'm not a big fan, esp because it is optional.
> i'd rather have those users not login than that they don't have the
> constraints. (but obviously, i really don't want to lock myself out, so
> i totally see what you need the optional keyword)
>

It's as optional as you make it. If the script exits with non-0, pam_exec
returns PAM_SYSTEM_ERR and you can treat this as a fatal error.

To avoid locking yourself out, either always make it exit 0 for root, or
"session [success=1 default=ignore] pam_succeed_if.so user ingroup wheel",
etc.

-- 
Mantas Mikulėnas
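
The setup described in this message, as an added example that is not part of the original post: a pam_exec session script that fails closed for constrained users and never blocks root, with the PAM lines shown as comments. The script path, the uid range, the limits and the use of `systemctl set-property` on `user-UID.slice` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Hypothetical script path: /usr/local/sbin/slice-limits.sh
# Assumed PAM session stack (first line is the one quoted in the message):
#   session [success=1 default=ignore] pam_succeed_if.so user ingroup wheel
#   session required                   pam_exec.so /usr/local/sbin/slice-limits.sh
# success=1 skips the next module for wheel members; for everyone else a
# non-zero exit makes pam_exec fail, and "required" then fails the session.

UID_MIN=20000                        # assumed: first uid that must be constrained
UID_MAX=29999                        # assumed: last uid that must be constrained
LIMITS="MemoryMax=4G TasksMax=512"   # assumed limits for the user slice

# Resolve a login name to a numeric uid (separate function so it can be stubbed).
uid_of() { id -u "$1" 2>/dev/null; }

# Apply the limits to the user's slice; $LIMITS is split into words on purpose.
apply_limits() {
    systemctl set-property --runtime "user-$1.slice" $LIMITS
}

# Returns 0 to let the session proceed, non-zero to make pam_exec fail.
session_hook() {
    # pam_exec exports PAM_TYPE and PAM_USER to the script.
    [ "${PAM_TYPE:-}" = "open_session" ] || return 0
    # Root always gets in, even if lookups or systemd are broken.
    if [ "${PAM_USER:-}" = "root" ]; then return 0; fi
    uid=$(uid_of "${PAM_USER:-}") || return 1
    case "$uid" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$uid" -eq 0 ]; then return 0; fi
    # Users outside the managed range are left alone.
    if [ "$uid" -lt "$UID_MIN" ] || [ "$uid" -gt "$UID_MAX" ]; then
        return 0
    fi
    # Fail closed: no constraints means no login.
    apply_limits "$uid" || return 1
    return 0
}

# Run only when invoked by pam_exec (PAM_TYPE set), so the file can be sourced.
if [ -n "${PAM_TYPE:-}" ]; then
    session_hook
    exit $?
fi
```

Keep a root shell open while testing a change like this, since a mistake in a `required` session module applies to every login that reaches it.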