cvs commit: src/etc/pam.d Makefile cron src/usr.sbin/cron/cron
Makefile cron.8 cron.h database.c do_command.c src/usr.sbin/cron/lib
Makefile entry.c
LI Xin
delphij at delphij.net
Mon Jun 18 09:54:45 UTC 2007
LI Xin wrote:
> Hi,
>
> Yar Tikhiy wrote:
>> yar 2007-06-17 17:25:53 UTC
>>
>> FreeBSD src repository
>>
>> Modified files:
>> etc/pam.d Makefile
>> usr.sbin/cron/cron Makefile cron.8 cron.h database.c
>> do_command.c
>> usr.sbin/cron/lib Makefile entry.c
>> Added files:
>> etc/pam.d cron
>> Log:
>> Add PAM support to cron(8). Now cron(8) will skip commands scheduled
>> by unavailable accounts, e.g., those locked, expired, not allowed in at
>> the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
>> This applies to personal crontabs only, /etc/crontab is unaffected.
>
> This will silently break a lot of ports, for instance mail/mailman,
> which creates nologin(5) users with crontab entry. Can we for now
> (because we are near a new release) try not disabling nologin(5) users,
> and discuss a better solution?
>
> A possible alternative is to make a pam_ftpusers(8) alike PAM module
> which is marked as "sufficient" and explicitly pass /var/cron/allow
> users (especially ports) to override the policy.
Thanks to ru@, I should have noticed that nologin(5) is different from
nologin(8) and this would not affect ports installations.
Sorry for the confusion.
Cheers,
--
Xin LI <delphij at delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20070618/dca0131b/signature.pgp
More information about the cvs-all
mailing list