On Tue, Feb 19, 2013 at 01:10:41PM +0100, Michal Schmidt wrote:
On 02/18/2013 08:59 PM, Josh Boyer wrote:
>On Mon, Feb 18, 2013 at 02:36:04PM -0500, Eric Paris wrote:
>>On Mon, 2013-02-18 at 14:28 -0500, Josh Boyer wrote:
>>>On Mon, Feb 18, 2013 at 01:42:09PM -0500, Eric Paris wrote:
>>>>What breaks is admin running
>>>>
>>>>/usr/sbin/sshd -D
>>>>
>>>>or
>>>>
>>>>/usr/sbin/crond -n
>>>>
>>>>unless they redo their stock pam config...
>>>
>>>And there's no way we can fix the stock pam config so they don't have
to
>>>do that?
>
>Do you happen to have an example of how to modify the pam config to let
>people still do this? If so, could you send it here?
/etc/pam.d/sshd has:
session required pam_loginuid.so
They could replace 'required' with 'optional'. But then they need to
be aware of the consequences: The loginuid of all users logged in
via ssh would be the same as the loginuid of the administrator who
started sshd from his shell.
Thanks.
In my view we should not assist the administrators doing that. They
should learn to start services in a clean environment (i.e. by
systemd).
I'm not necessarily disagreeing with you, but not everyone is going to
agree with you regardless of how sane and correct you might be ;).
I'll turn the config on in today's batch of commits.
josh