cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
martindxc
Flight Engineer
Flight Engineer
‎03-25-2024 06:45 PM
  • 230 Views

RH415 v9 labs: custom PAM profile; doesn't seem to be done the right way

In the RH415 v9 labs, section 6.7 there's a task to enable full terminal logging with pam_tty_audit module. To achieve this authselect is used as follows:

authselect create-profile minimal-with-tty-audit \
    -b minimal --symlink-meta --symlink-pam
echo "session required pam_tty_audit.so disable=student enable=devops log_passwd" \
    >> /etc/authselect/custom/minimal-with-tty-audit/system-auth

 I've the problem that the custom profile has been created with symlik options that are then edited. This means that the actual templates from /usr/share/authselect/* are being updated. This results in two major problems

a) next patch/update (or reinstall) of authselect-libs will wipe this change out

b) this will affect all other profiles

To avoid this I'd avoid using --symlink* options and have these files in custom location (location of custom profile), edit that and apply profile.

Am I missing something here?

Labels (2)
Labels
Join the discussion
1 Reply
Chetan_Tiwary_
Moderator
Moderator
yesterday
  • 11 Views

@martindxc Thanks for your time and reporting this potential issue here. Let me check this with the concerned team and I will let you know once I have an update on this. 

0 Kudos
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2024 Red Hat, Inc. Privacy policy Terms of use