From b2902e980fe4ec19547ba3f53a4a01c3847aedc2 Mon Sep 17 00:00:00 2001 From: slin14 Date: Fri, 9 Nov 2018 23:16:07 +0800 Subject: [PATCH] fix build error due to missed file Below patch removed file pam.d/su accidently, which is needed by util-linux. Put it back to util-linux folder, since only util-linux need it. https://review.openstack.org/612897 Closes-Bug: 1802434 Change-Id: I4c3683d1a3ef95eea8cd5fae77086cea9e5e811d Signed-off-by: slin14 --- base/util-linux/centos/build_srpm.data | 4 +- base/util-linux/files/pam.d/su | 69 ++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 base/util-linux/files/pam.d/su diff --git a/base/util-linux/centos/build_srpm.data b/base/util-linux/centos/build_srpm.data index e31319932..8f80fa06a 100644 --- a/base/util-linux/centos/build_srpm.data +++ b/base/util-linux/centos/build_srpm.data @@ -1,2 +1,2 @@ -COPY_LIST="$GIT_BASE/base/shadow-utils/files/pam.d/su" -TIS_PATCH_VER=3 +COPY_LIST="files/pam.d/su" +TIS_PATCH_VER=4 diff --git a/base/util-linux/files/pam.d/su b/base/util-linux/files/pam.d/su new file mode 100644 index 000000000..921f56cc7 --- /dev/null +++ b/base/util-linux/files/pam.d/su @@ -0,0 +1,69 @@ +# +# The PAM configuration file for the Shadow `su' service +# + +# This allows root to su without passwords (normal operation) +auth sufficient pam_rootok.so + +# Uncomment this to force users to be a member of group root +# before they can use `su'. You can also add "group=foo" +# to the end of this line if you want to use a group other +# than the default "root" (but this may have side effect of +# denying "root" user, unless she's a member of "foo" or explicitly +# permitted earlier by e.g. "sufficient pam_rootok.so"). +# (Replaces the `SU_WHEEL_ONLY' option from login.defs) +# auth required pam_wheel.so + +# Uncomment this if you want wheel members to be able to +# su without a password. +# auth sufficient pam_wheel.so trust + +# Uncomment this if you want members of a specific group to not +# be allowed to use su at all. +# auth required pam_wheel.so deny group=nosu + +# Uncomment and edit /etc/security/time.conf if you need to set +# time restrainst on su usage. +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs +# as well as /etc/porttime) +# account requisite pam_time.so + +# This module parses environment configuration file(s) +# and also allows you to use an extended config +# file /etc/security/pam_env.conf. +# +# parsing /etc/environment needs "readenv=1" +session required pam_env.so readenv=1 + +# Defines the MAIL environment variable +# However, userdel also needs MAIL_DIR and MAIL_FILE variables +# in /etc/login.defs to make sure that removing a user +# also removes the user's mail spool file. +# See comments in /etc/login.defs +# +# "nopen" stands to avoid reporting new mail when su'ing to another user +session optional pam_mail.so nopen + +# Sets up user limits, please uncomment and read /etc/security/limits.conf +# to enable this functionality. +# (Replaces the use of /etc/limits in old login) +# session required pam_limits.so + +# For first time login or when the user authentication +# token stack has been flushed, su will call passwd +# which will fails with "Authentication Token Error" +# since the previous token on the stack is NULL +# +# Tickle the password service to push a previous +# authentication token on the PAM stack +password optional pam_ldap.so +password optional pam_unix.so + +# The standard Unix authentication modules, used with +# NIS (man nsswitch) as well as normal /etc/passwd and +# /etc/shadow entries. +auth include common-auth +account include common-account +session include common-session + +