trunk/debian/login.su.pam

#
# The PAM configuration file for the Shadow `su' service
#

# This allows root to su without passwords (normal operation)
auth       sufficient pam_rootok.so

# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth       required   pam_wheel.so

# Uncomment this if you want wheel members to be able to
# su without a password.
# auth       sufficient pam_wheel.so trust

# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth       required   pam_wheel.so deny group=nosu

# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account    requisite  pam_time.so

# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# 
# parsing /etc/environment needs "readenv=1"
session       required   pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session       required   pam_env.so readenv=1 envfile=/etc/default/locale

# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user 
# also removes the user's mail spool file.
# See comments in /etc/login.defs
#
# "nopen" stands to avoid reporting new mail when su'ing to another user
session    optional   pam_mail.so nopen

# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session    required   pam_limits.so

# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session


1	#
2	# The PAM configuration file for the Shadow `su' service
3	#
4
5	# This allows root to su without passwords (normal operation)
6	auth sufficient pam_rootok.so
7
8	# Uncomment this to force users to be a member of group root
9	# before they can use `su'. You can also add "group=foo"
10	# to the end of this line if you want to use a group other
11	# than the default "root" (but this may have side effect of
12	# denying "root" user, unless she's a member of "foo" or explicitly
13	# permitted earlier by e.g. "sufficient pam_rootok.so").
14	# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
15	# auth required pam_wheel.so
16
17	# Uncomment this if you want wheel members to be able to
18	# su without a password.
19	# auth sufficient pam_wheel.so trust
20
21	# Uncomment this if you want members of a specific group to not
22	# be allowed to use su at all.
23	# auth required pam_wheel.so deny group=nosu
24
25	# Uncomment and edit /etc/security/time.conf if you need to set
26	# time restrainst on su usage.
27	# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
28	# as well as /etc/porttime)
29	# account requisite pam_time.so
30
31	# This module parses environment configuration file(s)
32	# and also allows you to use an extended config
33	# file /etc/security/pam_env.conf.
34	#
35	# parsing /etc/environment needs "readenv=1"
36	session required pam_env.so readenv=1
37	# locale variables are also kept into /etc/default/locale in etch
38	# reading this file in addition to /etc/environment does not hurt
39	session required pam_env.so readenv=1 envfile=/etc/default/locale
40
41	# Defines the MAIL environment variable
42	# However, userdel also needs MAIL_DIR and MAIL_FILE variables
43	# in /etc/login.defs to make sure that removing a user
44	# also removes the user's mail spool file.
45	# See comments in /etc/login.defs
46	#
47	# "nopen" stands to avoid reporting new mail when su'ing to another user
48	session optional pam_mail.so nopen
49
50	# Sets up user limits, please uncomment and read /etc/security/limits.conf
51	# to enable this functionality.
52	# (Replaces the use of /etc/limits in old login)
53	# session required pam_limits.so
54
55	# The standard Unix authentication modules, used with
56	# NIS (man nsswitch) as well as normal /etc/passwd and
57	# /etc/shadow entries.
58	@include common-auth
59	@include common-account
60	@include common-session
61
62