On Tue, 2003-08-19 at 11:51, blocke(a)shivan.org wrote:
> I am against any change. The default behavior is documented
This is not documenting a default behaviour. This is documenting that the
functionality is not provided at all when it is and gives an ancient rant
as an excuse why. In my opinion if people want to preserve the rant for
I think it would be a mistake to document PAM functionality in the su
You may be right about the historical rant. Even though I disagree with
RMS, I think it is a nice bit of history, and I like your idea of
preserving it elsewhere.
Thus breaking user to user su for non-wheel users. It is not the
I don't know how to do this with PAM. Can you explain how this is done?
On my systems, when I add
    auth required /path/pam_wheel.so use_uid
it limits user to user su also. Is there an option I'm missing?
But in Red Hat it does, via pam, and should be documented as such.
And it could be done just as easily with other methods, like RBAC and
stuff. My concern is that pam_wheel is a generic PAM module which can
provide the functionality that RMS rants against, but it is not limited
to su, is not part of the su code, and it is not the default
configuration of su.
I guess I don't have a problem mentioning in the su info that there are ways
of getting wheel limits (and pointing to PAM as one), but the su doc is
not the place to document pam_wheel.