- Timestamp:
- 11/24/2018 08:21:05 PM (5 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 2a9e001
- Parents:
- 9939292
- Location:
- postlfs/security
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/make-ca.xml
r9939292 ra5b9f1e 116 116 trust both for all three roles, the following commands will create 117 117 appropriate OpenSSL trusted certificates (run as the <systemitem 118 class="username">root</systemitem> user):</para> 118 class="username">root</systemitem> user after 119 <xref linkend="wget"/> is installed):</para> 119 120 120 121 <screen role="nodump"><userinput>install -vdm755 /etc/ssl/local && -
postlfs/security/shadow.xml
r9939292 ra5b9f1e 359 359 #auth optional pam_group.so 360 360 361 # include the defaultauth settings361 # include system auth settings 362 362 auth include system-auth 363 363 … … 365 365 account required pam_access.so 366 366 367 # include the defaultaccount settings367 # include system account settings 368 368 account include system-account 369 369 … … 383 383 #session optional pam_mail.so standard quiet 384 384 385 # include the defaultsession and password settings385 # include system session and password settings 386 386 session include system-session 387 387 password include system-password … … 411 411 # always allow root 412 412 auth sufficient pam_rootok.so 413 414 # Allow users in the wheel group to execute su without a password 415 # disabled by default 416 #auth sufficient pam_wheel.so trust use_uid 417 418 # include system auth settings 413 419 auth include system-auth 414 420 415 # include the default account settings 421 # limit su to users in the wheel group 422 auth required pam_wheel.so use_uid 423 424 # include system account settings 416 425 account include system-account 417 426 … … 419 428 session required pam_env.so 420 429 421 # include system session defaults430 # include system session settings 422 431 session include system-session 423 432 … … 435 444 auth sufficient pam_rootok.so 436 445 437 # include system defaults for auth account and session446 # include system auth, account, and session settings 438 447 auth include system-auth 439 448 account include system-account -
postlfs/security/sudo.xml
r9939292 ra5b9f1e 223 223 ADMIN ALL = NOPASSWD: ALL</screen> 224 224 225 <para> 226 Another common configuration is to allow members of the wheel group to 227 execute all commands after providing their own credientials. Use the 228 following command to edit default <filename>/etc/sudoers</filename> 229 file as the <systemitem class="username">root</systemitem> user: 230 </para> 231 232 <screen role="nodump"><userinput>sed '/wheel.*) ALL/s/^# //' -i.bak /etc/sudoers</userinput></screen> 233 225 234 <para> 226 235 For details, see <command>man sudoers</command>.
Note:
See TracChangeset
for help on using the changeset viewer.