pam

How to authenticate username/password using PAM w/o root privileges

风流意气都作罢 posted on 2019-12-21 17:37:51
Question: I have a program written in C. It takes 2 arguments, username/password, and tries to authenticate this user using PAM. It works fine when I'm root. When I'm a 'normal' user, it works for this user, but not for another one. I think it's due to using shadow passwords. As service I'm using: retval = pam_start("test", username, &local_conversation, &local_auth_handle); I add this to the /etc/pam.d/test #%PAM-1.0 auth required pam_unix.so shadow nullok account required pam_unix.so session required pam

Security concerns with a Python PAM module?

余生长醉 posted on 2019-12-21 03:49:34
Question: I'm interested in writing a PAM module that would make use of a popular authentication mechanism for Unix logins. Most of my past programming experience has been in Python, and the system I'm interacting with already has a Python API. I googled around and found pam_python, which allows PAM modules to invoke the python interpreter, therefore allowing PAM modules to be written essentially in Python. However, I've read that there are security risks when allowing a user to invoke Python code that

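Limiting users' disk space and memory usage on Linux

醉酒当歌 posted on 2019-12-18 20:39:48
I. How to limit a user's disk space
1. View the disk quotas of all users on the system
sudo repquota /dev/vda1
2. View the disk quota of a particular user
sudo edquota user_name
To change that user's disk quota, simply edit the soft and hard values after the blocks field in the file that opens. For example, the figure below sets the soft value to 2097152 (that is, 2G) and the hard value to 3145728 (that is, 3G). This means the system lets your disk usage exceed 2G for a certain period (see section 4 below for how that period is set), but you must bring it back under 2G before the deadline; in any case, your disk usage can never exceed 3G. That is the meaning of soft and hard. Note that the blocks and inodes fields do not need to be set; the system fills in their values automatically.
3. First set the disk quota of a template user fanyiwei, then assign that quota to the target user target_user_name. Once the template quota has been set, this is the command you will use most often afterwards; it is very convenient.
sudo edquota -p fanyiwei target_user_name
4. Set the grace period
In section 2 above we set the user's soft limit (soft) and hard limit (hard) on disk space. The hard limit is an upper bound that must never be exceeded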

How to limit a user's maximum memory usage on CentOS

喜你入骨 posted on 2019-12-18 20:33:31
Taking the user xiaoming as an example, to limit their maximum memory usage to 2G, run the following three commands. Log in as root
echo "xiaoming hard rss 2097152" >> /etc/security/limits.conf
echo "#Sets up user limits according to /etc/security/limits.conf" >> /etc/pam.d/login
echo "session required pam_limits.so" >> /etc/pam.d/login
Log in to xiaoming's account and check the maximum memory usage
su - xiaoming # switch to xiaoming's account
ulimit -a
From the content in the red box in the figure above, we can see that the maximum memory usage is limited to about 2G. Source: oschina Link: https://my.oschina.net/u/4389056/blog/3144602

PAM authentication problem

只愿长相守 posted on 2019-12-18 17:01:05
Question: I am using this module to authenticate using pam: http://code.google.com/p/web2py/source/browse/gluon/contrib/pam.py I can call authenticate('username','password') and it returns True/False. It works for any 'username' but 'root'. My guess is that there is a security restriction in PAM that does not allow to check for the root password. I need to be able to check the root password. Is there anything I can change in the pam.conf or somewhere else to remove this restriction? Answer 1: I found the

Resident Set Size (RSS) limit has no effect

北战南征 posted on 2019-12-17 23:24:02
Question: The following problem occurs on a machine running Ubuntu 10.04 with the 2.6.32-22-generic kernel: Setting a limit for the Resident Set Size (RSS) of a process does not seem to have any effect. I currently set the limit in Python with the following code: import resource # (100, 100) is the (soft, hard) limit. ~100kb. resource.setrlimit(resource.RLIMIT_RSS, (100, 100)) memory_sink = ['a']*10000000 # this should fail The list, memory_sink, succeeds every time. When I check RSS usage with top, I

how to create a pam module? [closed]

情到浓时终转凉″ posted on 2019-12-17 18:28:39
Question: Can anyone tell me about this... I want to create a pam module similar to the login module in /etc/pam.d Answer 1: If you are looking for pam based face authentication during login, you need to write a module which does that for you and plug that in login configuration file at /etc/pam.d

Just one source code can be used on Solaris 11 sparc and x86?

ε祈祈猫儿з posted on 2019-12-13 02:14:32
Question: I've made some access control program with PAM, and it can be compiled on Solaris 11 sparc and x86 now. I know that the architecture is different between sparc and x86. Would I test on each platform? Or just one platform case? Thank you, read it. Answer 1: It is hard to tell without knowing precisely what APIs and features your program is using but assuming it compiles well in both platforms and works fine in one of them, the risk for it to fail in the other is extremely low. Solaris is built

using dbus and polkit to run a root privilege python service that calls a root script

巧了我就是萌 posted on 2019-12-11 16:49:42
Question: I have written a python script that downloads deb files from launchpad, and then calls out to a shell script to use alien to convert the debs to rpms. The shell script uses alien, and so it needs to be run as root. The program uses a thread pool to download the deb files asynchronously, using threadpool.apply_async, and then uses a processing pool to call the shell script asynchronously, so the whole thing happens reasonably quickly. It all works well, but the shell script that calls alien

Clustering transactional data using PAM in R?

最后都变了- posted on 2019-12-11 16:26:11
Question: I need to group sets of transactions in different groups. My data in a text file as this format: T1 17 20 22 35 37 60 62 T2 39 51 53 54 57 65 73 T3 17 20 21 22 34 37 62 T4 20 22 54 57 65 73 45 T5 20 54 57 65 73 75 80 T6 2 20 54 57 59 63 71 T7 2 20 22 57 59 71 66 T8 17 20 28 29 30 34 35 T9 16 20 28 32 54 57 65 T10 16 20 22 28 57 59 71 - - and so on, over 5000 lines. Each line represents one transaction. What I did so far: txIn<-read.transactions("data2.txt",format="basket",sep=" ") d<