summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris PeBenito <pebenito@gentoo.org>2003-08-16 01:10:04 +0000
committerChris PeBenito <pebenito@gentoo.org>2003-08-16 01:10:04 +0000
commita4f57da1731fc92ae91e0843990883eff50fa075 (patch)
treec4c0eede8560a22c1fcd84b018f4a009dc691c69 /sys-apps/policycoreutils
parentmark stable rm old (diff)
downloadgentoo-2-a4f57da1731fc92ae91e0843990883eff50fa075.tar.gz
gentoo-2-a4f57da1731fc92ae91e0843990883eff50fa075.tar.bz2
gentoo-2-a4f57da1731fc92ae91e0843990883eff50fa075.zip
install good pam.d entries
Diffstat (limited to 'sys-apps/policycoreutils')
-rw-r--r--sys-apps/policycoreutils/Manifest4
-rw-r--r--sys-apps/policycoreutils/files/newrole30
-rw-r--r--sys-apps/policycoreutils/files/run_init30
-rw-r--r--sys-apps/policycoreutils/policycoreutils-1.1.ebuild7
4 files changed, 69 insertions, 2 deletions
diff --git a/sys-apps/policycoreutils/Manifest b/sys-apps/policycoreutils/Manifest
index 1690bac4e61a..cc5e1e35d097 100644
--- a/sys-apps/policycoreutils/Manifest
+++ b/sys-apps/policycoreutils/Manifest
@@ -1,8 +1,10 @@
MD5 5e9c77e1722ffe0ba097de3e8d291708 policycoreutils-1.0.ebuild 925
MD5 fd55bafe00aa7a8e91b2d172642b0ef4 metadata.xml 268
MD5 319a20355e64020523f0dddb1edc2a22 ChangeLog 691
-MD5 d653a42c50b22c182c18760cde8966f9 policycoreutils-1.1.ebuild 930
+MD5 502cf1d82408dc282b0ebd0ea8d58f50 policycoreutils-1.1.ebuild 1065
MD5 a70bb20f56dfca63475bea2bc811927a files/digest-policycoreutils-1.0 67
MD5 6d4df7058894970c15d4066f7ad88c29 files/policycoreutils-1.0-gentoo.diff 1818
MD5 1f231a1da642997577ac4567ee9867ac files/rlpkg 2317
MD5 2d09b4cfc5e5b399863a1ecd381ba33e files/digest-policycoreutils-1.1 67
+MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/newrole 1197
+MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/run_init 1197
diff --git a/sys-apps/policycoreutils/files/newrole b/sys-apps/policycoreutils/files/newrole
new file mode 100644
index 000000000000..12dc3c21b326
--- /dev/null
+++ b/sys-apps/policycoreutils/files/newrole
@@ -0,0 +1,30 @@
+#%PAM-1.0
+
+
+# If you want to restrict users begin allowed to su even more,
+# create /etc/security/suauth.allow (or to that matter) that is only
+# writable by root, and add users that are allowed to su to that
+# file, one per line.
+#auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
+
+# Uncomment this to allow users in the wheel group to su without
+# entering a passwd.
+#auth sufficient /lib/security/pam_wheel.so use_uid trust
+
+# Alternatively to above, you can implement a list of users that do
+# not need to supply a passwd with a list.
+#auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
+
+# Comment this to allow any user, even those not in the 'wheel'
+# group to su
+auth required /lib/security/pam_wheel.so use_uid
+
+auth required /lib/security/pam_stack.so service=system-auth
+
+account required /lib/security/pam_stack.so service=system-auth
+
+password required /lib/security/pam_stack.so service=system-auth
+
+session required /lib/security/pam_stack.so service=system-auth
+session optional /lib/security/pam_xauth.so
+
diff --git a/sys-apps/policycoreutils/files/run_init b/sys-apps/policycoreutils/files/run_init
new file mode 100644
index 000000000000..12dc3c21b326
--- /dev/null
+++ b/sys-apps/policycoreutils/files/run_init
@@ -0,0 +1,30 @@
+#%PAM-1.0
+
+
+# If you want to restrict users begin allowed to su even more,
+# create /etc/security/suauth.allow (or to that matter) that is only
+# writable by root, and add users that are allowed to su to that
+# file, one per line.
+#auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
+
+# Uncomment this to allow users in the wheel group to su without
+# entering a passwd.
+#auth sufficient /lib/security/pam_wheel.so use_uid trust
+
+# Alternatively to above, you can implement a list of users that do
+# not need to supply a passwd with a list.
+#auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
+
+# Comment this to allow any user, even those not in the 'wheel'
+# group to su
+auth required /lib/security/pam_wheel.so use_uid
+
+auth required /lib/security/pam_stack.so service=system-auth
+
+account required /lib/security/pam_stack.so service=system-auth
+
+password required /lib/security/pam_stack.so service=system-auth
+
+session required /lib/security/pam_stack.so service=system-auth
+session optional /lib/security/pam_xauth.so
+
diff --git a/sys-apps/policycoreutils/policycoreutils-1.1.ebuild b/sys-apps/policycoreutils/policycoreutils-1.1.ebuild
index 0a7f16b9cdfc..50d068aff7e8 100644
--- a/sys-apps/policycoreutils/policycoreutils-1.1.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-1.1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-1.1.ebuild,v 1.1 2003/08/14 15:32:03 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-1.1.ebuild,v 1.2 2003/08/16 01:09:59 pebenito Exp $
IUSE=""
@@ -43,4 +43,9 @@ src_install() {
make DESTDIR="${D}" install
dosbin ${FILESDIR}/rlpkg
+
+ # overwrite pam.d stuff with ours
+ rm -f ${D}/etc/pam.d/{newrole,run_init}
+ insinto /etc/pam.d
+ doins ${FILESDIR}/{newrole,run_init}
}