acahalan at gmail.com
Wed Jan 2 23:47:07 EST 2008
Bernardo Innocenti writes:
> "su" uses pam. pam_wheel can check that you belong to the
> group wheel (or any other group) before granting you access.
I got it to work with a different pam module, and placed
that info into trac. http://dev.laptop.org/ticket/5537
auth sufficient pam_rootok.so
auth required pam_succeed_if.so use_uid user ingroup wheel
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
> Even better, we could put
> /sbin/mingetty --noclear --autologin root tty1
> in inittab to circumvent the issue altogether.
This is an excellent idea. Doing tty1 through tty6 would
I strongly feel that:
if sudo works
then su must work
Note that the above does not require sudo to work. It doesn't
even require su to work, given that sudo doesn't work.
I don't believe there is any real need to protect the root
account from the olpc account. If there is, then a root login
should require the SAK key. (Alt-Ctrl-SysRq by default)
This is the only way to be sure that one is not typing into
a trojan. Maybe Fn-Esc makes a good SAK key.
More information about the Devel