On Wed, Jun 01, 2011 at 12:43:46PM +0200, StanisÅ‚aw Findeisen wrote:
> It looks that pam_listfile only allows to restrict *source* user set and
> *not* *target* user set.
That's not true at all. item=user *is* the target user set. (Source user
set would be the seldom-used item=ruser.)
> Here's the debian-user discussion:
> Is there any way to do what I want?
As already suggested, sudo does seem to be a better fit for what you're
trying to achieve.
pam_listfile isn't going to give you any reasonable mapping for applicant /
target user *pairs*; you only get "this list of users are allowed access to
this other list of users".
> If I write a patch for pam_listfile, will you accept it to Debian?
No. It would have to go upstream first; but I'll say that such a patch is
unlikely to be accepted.
> Where is the source code?
I think that's more of a question for debian-user anyway, but:
$ dpkg -S /lib/security/pam_listfile.so
$ debcheckout libpam-modules
declared bzr repository at nosmart+http://bzr.debian.org/bzr/pkg-pam/debian/sid/
bzr branch nosmart+http://bzr.debian.org/bzr/pkg-pam/debian/sid/ libpam-modules ...
> Or maybe that should be a new PAM module?
It could be. But I'm skeptical that such a module would be of widespread
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/