<HTML ><HEAD ><TITLE >Configure Pluggable Authentication Modules</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Remote Serial Console HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Configure incidentals" HREF="misc.html"><LINK REL="PREVIOUS" TITLE="Alter target of /dev/systty" HREF="misc-devsystty.html"><LINK REL="NEXT" TITLE="Configure Red Hat Linux" HREF="misc-configure-rhl.html"></HEAD ><BODY CLASS="SECTION" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Remote Serial Console HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="misc-devsystty.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 7. Configure incidentals</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="misc-configure-rhl.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECTION" ><H1 CLASS="SECTION" ><A NAME="MISC-PAM" ></A >7.6. Configure Pluggable Authentication Modules</H1 ><P >The <SPAN CLASS="APPLICATION" >Pluggable Authentication Module</SPAN > system can be used to give special privileges to users who log in through the console. It is used to make devices like the floppy disk mountable by the console's user; otherwise that user would need to become the super-user to mount a disk.</P ><P >The <SPAN CLASS="ACRONYM" >PAM</SPAN > configuration file <TT CLASS="FILENAME" >/etc/security/console.perms</TT > contains the <TT CLASS="LITERAL" >&lt;console&gt;</TT > variable. For <SPAN CLASS="PRODUCTNAME" >Red Hat Linux</SPAN > <SPAN CLASS="PRODUCTNUMBER" >7.1</SPAN >, <TT CLASS="LITERAL" >&lt;console&gt;</TT > is the regular expression:</P ><DIV CLASS="FIGURE" ><A NAME="MISC-PAM-DEFAULT-CONSOLE" ></A ><P ><B >Figure 7-9. 
Default <TT CLASS="LITERAL" >&lt;console&gt;</TT > in <TT CLASS="FILENAME" >console.perms</TT > refers to attached keyboard and screen</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >&lt;console&gt;=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]</PRE ></FONT ></TD ></TR ></TABLE ></DIV ><P >Later in the file the <TT CLASS="LITERAL" >&lt;console&gt;</TT > user is granted permission to use some devices. This is done by altering the devices' permissions upon login and logout.</P ><DIV CLASS="FIGURE" ><A NAME="MISC-PAM-DEFAULT-DEV" ></A ><P ><B >Figure 7-10. Default device listing in <TT CLASS="FILENAME" >console.perms</TT ></B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >&lt;console&gt; 0660 &lt;floppy&gt; 0660 root.floppy
&lt;console&gt; 0600 &lt;sound&gt; 0600 root
&lt;console&gt; 0600 &lt;cdrom&gt; 0660 root.disk
&lt;console&gt; 0600 &lt;pilot&gt; 0660 root.uucp
&lt;console&gt; 0600 &lt;jaz&gt; 0660 root.disk
&lt;console&gt; 0600 &lt;zip&gt; 0660 root.disk
&lt;console&gt; 0600 &lt;ls120&gt; 0660 root.disk
&lt;console&gt; 0600 &lt;scanner&gt; 0600 root
&lt;console&gt; 0600 &lt;camera&gt; 0600 root
&lt;console&gt; 0600 &lt;memstick&gt; 0600 root
&lt;console&gt; 0600 &lt;flash&gt; 0600 root
&lt;console&gt; 0600 &lt;fb&gt; 0600 root
&lt;console&gt; 0600 &lt;kbd&gt; 0600 root
&lt;console&gt; 0600 &lt;joystick&gt; 0600 root
&lt;console&gt; 0600 &lt;v4l&gt; 0600 root
&lt;console&gt; 0700 &lt;gpm&gt; 0700 root
&lt;console&gt; 0600 &lt;mainboard&gt; 0600 root
&lt;console&gt; 0600 &lt;rio500&gt; 0600 root</PRE ></FONT ></TD ></TR ></TABLE ></DIV ><P >There are two types of devices listed above: those required by someone connecting from an attached keyboard and monitor, and those listed only to give convenient access to peripheral devices. The configuration file fails to make the distinction between logical and physical console noted in <A HREF="intro-word.html" >Section 1.3</A >, so the configuration file is modified to create that distinction.</P ><DIV CLASS="FIGURE" ><A NAME="MISC-PAM-SERIAL-DEV" ></A ><P ><B >Figure 7-11. 
Devices in <TT CLASS="FILENAME" >console.perms</TT > required for attached keyboard and screen</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >&lt;console&gt; 0600 &lt;fb&gt; 0600 root
&lt;console&gt; 0600 &lt;kbd&gt; 0600 root
&lt;console&gt; 0600 &lt;joystick&gt; 0600 root
&lt;console&gt; 0600 &lt;v4l&gt; 0600 root
&lt;console&gt; 0700 &lt;gpm&gt; 0700 root</PRE ></FONT ></TD ></TR ></TABLE ></DIV ><P >The remaining devices should be altered to give control only to people attaching from the serial console. For example, we don't want an unprivileged user at a co-location site mounting a floppy disk. Define a new console type for the serial console, say <TT CLASS="LITERAL" >&lt;sconsole&gt;</TT >.</P ><DIV CLASS="FIGURE" ><A NAME="MISC-PAM-SERIAL-SCONSOLE" ></A ><P ><B >Figure 7-12. Add <TT CLASS="LITERAL" >&lt;sconsole&gt;</TT > in <TT CLASS="FILENAME" >console.perms</TT > to refer to serial console</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >&lt;sconsole&gt;=ttyS0</PRE ></FONT ></TD ></TR ></TABLE ></DIV ><P >Now modify the remaining entries from <TT CLASS="LITERAL" >&lt;console&gt;</TT > to <TT CLASS="LITERAL" >&lt;sconsole&gt;</TT >.</P ><DIV CLASS="FIGURE" ><A NAME="MISC-PAM-SERIAL-SDEV" ></A ><P ><B >Figure 7-13. 
Remaining devices in <TT CLASS="FILENAME" >console.perms</TT > altered to refer to serial console</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >&lt;sconsole&gt; 0660 &lt;floppy&gt; 0660 root.floppy
&lt;sconsole&gt; 0600 &lt;sound&gt; 0600 root
&lt;sconsole&gt; 0600 &lt;cdrom&gt; 0660 root.disk
&lt;sconsole&gt; 0600 &lt;pilot&gt; 0660 root.uucp
&lt;sconsole&gt; 0600 &lt;jaz&gt; 0660 root.disk
&lt;sconsole&gt; 0600 &lt;zip&gt; 0660 root.disk
&lt;sconsole&gt; 0600 &lt;ls120&gt; 0660 root.disk
&lt;sconsole&gt; 0600 &lt;scanner&gt; 0600 root
&lt;sconsole&gt; 0600 &lt;camera&gt; 0600 root
&lt;sconsole&gt; 0600 &lt;memstick&gt; 0600 root
&lt;sconsole&gt; 0600 &lt;flash&gt; 0600 root
&lt;sconsole&gt; 0600 &lt;mainboard&gt; 0600 root
&lt;sconsole&gt; 0600 &lt;rio500&gt; 0600 root</PRE ></FONT ></TD ></TR ></TABLE ></DIV ></DIV ></BODY ></HTML >
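A check for the edit described in section 7.6, added here as an example and not part of the HOWTO: it parses `console.perms` text, reports whether `ttyS0` falls under `<sconsole>`, and lists any device class still granted to `<console>` other than those kept in Figure 7-11. The function names, the sample file contents and the whole-name regular-expression matching are assumptions.

```python
import re

# Device classes that Figure 7-11 leaves with <console> (attached keyboard and screen).
ATTACHED_ONLY = {"fb", "kbd", "joystick", "v4l", "gpm"}

DEF_RE = re.compile(r"<(\w+)>=(.+)")
GRANT_RE = re.compile(r"<(\w+)>\s+[0-7]{4}\s+<(\w+)>\s+[0-7]{4}\s+\S+")

def parse(text):
    """Return ({class: [patterns]}, [(console_class, device_class)])."""
    defs, grants = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments; blank lines match nothing
        if m := DEF_RE.fullmatch(line):
            defs[m.group(1)] = m.group(2).split()
        elif m := GRANT_RE.fullmatch(line):
            grants.append((m.group(1), m.group(2)))
    return defs, grants

def matches(defs, cls, tty):
    # Assumption: a class pattern has to match the whole tty name.
    return any(re.fullmatch(p, tty) for p in defs.get(cls, []))

def audit(text, serial_tty="ttyS0"):
    """List the ways the file still departs from the split in Figures 7-11 to 7-13."""
    defs, grants = parse(text)
    findings = []
    if not matches(defs, "sconsole", serial_tty):
        findings.append(f"{serial_tty} is not matched by <sconsole>")
    if matches(defs, "console", serial_tty):
        findings.append(f"{serial_tty} is also matched by <console>")
    for cls, dev in grants:
        if cls == "console" and dev not in ATTACHED_ONLY:
            findings.append(f"<{dev}> is still granted to <console>")
    return findings

# Constructed sample: a half-finished edit in which <cdrom> was overlooked.
SAMPLE = r"""
<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
<sconsole>=ttyS0
<console>  0600 <kbd>    0600 root
<console>  0600 <cdrom>  0660 root.disk   # not yet moved
<sconsole> 0660 <floppy> 0660 root.floppy
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty list from `audit()` means every grant outside the Figure 7-11 set has been moved to `<sconsole>` and the serial line is matched only by that class.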