narmi2
asked on
PAM on Ubuntu
Dear Experts,
Does anyone here know how to use PAM on Ubuntu 8.04 to set permissions? Apparently it is better to use PAM. I have a shared computer and want to stop users looking at other users folders, settings, and temporary files.
Please help.
Does anyone here know how to use PAM on Ubuntu 8.04 to set permissions? Apparently it is better to use PAM. I have a shared computer and want to stop users looking at other users folders, settings, and temporary files.
Please help.
You seem to be a bit confused. PAM is authentication pluggable tool not a tool to set permissions. What you are looking for is probably ACL (although the actual need to use ACLs is very rare, 99% cases can be solved with simple Unix access rights).
ASKER
According to the documentation in login.defs, I do want to use PAM
# UMASK usage is discouraged because it catches only some classes of user
# entries to system, in fact only those made through login(1), while setting
# umask in shell rc file will catch also logins through su, cron, ssh etc.
#
# At the same time, using shell rc to set umask won't catch entries which use
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
#
# Therefore the use of pam_umask is recommended as the solution which
# catches all these cases on PAM-enabled systems.
#
# This avoids the confusion created by having the umask set
# in two different places -- in login.defs and shell rc files (i.e.
# /etc/profile).
# UMASK usage is discouraged because it catches only some classes of user
# entries to system, in fact only those made through login(1), while setting
# umask in shell rc file will catch also logins through su, cron, ssh etc.
#
# At the same time, using shell rc to set umask won't catch entries which use
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
#
# Therefore the use of pam_umask is recommended as the solution which
# catches all these cases on PAM-enabled systems.
#
# This avoids the confusion created by having the umask set
# in two different places -- in login.defs and shell rc files (i.e.
# /etc/profile).
from bellow, which line makes you think that pum can crontall share ??
------------
According to the documentation in login.defs, I do want to use PAM
# UMASK usage is discouraged because it catches only some classes of user
# entries to system, in fact only those made through login(1), while setting
# umask in shell rc file will catch also logins through su, cron, ssh etc.
#
# At the same time, using shell rc to set umask won't catch entries which use
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
#
# Therefore the use of pam_umask is recommended as the solution which
# catches all these cases on PAM-enabled systems.
#
# This avoids the confusion created by having the umask set
# in two different places -- in login.defs and shell rc files (i.e.
# /etc/profile).
are you thiking of umask ??
------------
According to the documentation in login.defs, I do want to use PAM
# UMASK usage is discouraged because it catches only some classes of user
# entries to system, in fact only those made through login(1), while setting
# umask in shell rc file will catch also logins through su, cron, ssh etc.
#
# At the same time, using shell rc to set umask won't catch entries which use
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
#
# Therefore the use of pam_umask is recommended as the solution which
# catches all these cases on PAM-enabled systems.
#
# This avoids the confusion created by having the umask set
# in two different places -- in login.defs and shell rc files (i.e.
# /etc/profile).
are you thiking of umask ??
ASKER
This whole thread makes me think I should be using PAM:
http://forums.debian.net/viewtopic.php?f=10&t=33979
http://forums.debian.net/viewtopic.php?f=10&t=33979
Could you explain what you actually need help with? You don't know how to switch to PAM or you need help with UMASK?
ASKER
According to the link above, you can centerally set umask using pam. but when I try to install pam i.e. libpam_umask, it wants to remove the kernel from ubuntu.
So basically, I need help with setting up and installing pam in general.
So basically, I need help with setting up and installing pam in general.
Ok so its about umask, its nothign to do with pam
if you read that article, you will see, there is some section, tis said to use chmod command to restrict control
if you want to know about umask
http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
umask, is suppose , if you want want a system that , when a user will create a directory or file, it will be automaticaly set a certain permission, then you can setup umask . so it will apply with every file and directory
read that
if you read that article, you will see, there is some section, tis said to use chmod command to restrict control
if you want to know about umask
http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
umask, is suppose , if you want want a system that , when a user will create a directory or file, it will be automaticaly set a certain permission, then you can setup umask . so it will apply with every file and directory
read that
ASKER
yes, but according to that article, it seems you cannot set umask centerally without pam. without pam you have to make changes in more than one config file.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes, that is the problem i am having, it wants to remove the whole system... ok so now I know it's in libpam_modules, I will try installing that and see if I can set umask centerally.
may be there is a way but i dont know ..
but why dont you use , linux permission for that ??
if you can define accurate permission for user, groups and insert user into those groups, your pupose would be solved
have you tryed with that ??