Bug #37138

Write out pam configuration files in /etc/pam.d/ if they don't already exist

Added by Andrew Walker 10 months ago. Updated 10 months ago.

Status: Done
Priority: No priority
Assignee: John Hixson
Category: OS
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: No
Needs Doc: No
Needs Merging: No
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

root@catherder:/etc/pam.d # midclt call etc.generate pam
null
root@catherder:/etc/pam.d # ls -l
total 60
-rw-r--r--  1 root  wheel   312 Jul  9 14:24 atrun
-rw-r--r--  1 root  wheel   189 Jul  9 14:24 cron
-rw-r--r--  1 root  wheel   724 Jul  9 14:29 ftp
-rw-r--r--  1 root  wheel   724 Jul  9 14:29 ftpd
-rw-r--r--  1 root  wheel   355 Jul  9 14:24 imap
-rw-r--r--  1 root  wheel   516 Jul  9 14:29 login
-rw-r--r--  1 root  wheel   661 Jul  9 14:24 other
-rw-r--r--  1 root  wheel   308 Jul  9 14:24 passwd
-rw-r--r--  1 root  wheel   355 Jul  9 14:24 pop3
-r--r--r--  1 root  wheel  2898 Jul  9 14:24 README
-rw-r--r--  1 root  wheel  1005 Jul  9 14:29 sshd
-rw-r--r--  1 root  wheel   545 Jul  9 14:29 su
-rw-r--r--  1 root  wheel   704 Jul  9 14:24 system
-rw-r--r--  1 root  wheel   754 Jul  9 14:24 telnetd
-rw-r--r--  1 root  wheel   519 Jul  9 14:24 xdm

In the above output, netatalk is missing. Touch the file and re-run.

root@catherder:/etc/pam.d # touch netatalk
root@catherder:/etc/pam.d # midclt call etc.generate pam
null
root@catherder:/etc/pam.d # cat netatalk
#
# PAM configuration for the "netatalk" service
#

# auth
auth        sufficient    pam_opie.so        no_warn no_fake_prompts
auth        requisite    pam_opieaccess.so    no_warn allow_local
auth        sufficient    /usr/local/lib/pam_sss.so    ignore_authinfo_unavail quiet
#auth        sufficient    pam_krb5.so        no_warn
#auth        sufficient    pam_ssh.so        no_warn try_first_pass
auth        required    pam_unix.so        no_warn try_first_pass

# account
account        required    pam_nologin.so
account        sufficient    /usr/local/lib/pam_sss.so    ignore_authinfo_unavail quiet
#account    required    pam_krb5.so
account        required    pam_unix.so

# session
session        required    pam_permit.so
session        required    /usr/local/lib/pam_mkhomedir.so

# password
#password    sufficient    pam_krb5.so        no_warn try_first_pass
password    sufficient    /usr/local/lib/pam_sss.so    use_authtok quiet
password    required    pam_unix.so        no_warn try_first_pass

This is also the case for other missing pam files.


Related issues

Copied to FreeNAS - Bug #40672: Write out pam configuration files in /etc/pam.d/ if they don't already exist (Done)

Associated revisions

Revision 53a97432 (diff)
Added by John Hixson 10 months ago

Write out files if they don't exist

Ticket: #37138

Revision b00558f9 (diff)
Added by John Hixson 9 months ago

Write out files if they don't exist

Ticket: #37138
(cherry picked from commit 53a974326c98cac536c0430124cdb1fc0e4223c4)

(11.1-stable)
Ticket: #40672

Revision 0d3b1af8 (diff)
Added by John Hixson 9 months ago

Write out files if they don't exist

Ticket: #37138
(cherry picked from commit 53a974326c98cac536c0430124cdb1fc0e4223c4)

History

#1 Updated by Dru Lavigne 10 months ago

  • Category changed from Middleware to OS
  • Assignee changed from Release Council to John Hixson

#2 Updated by John Hixson 10 months ago

  • Status changed from Unscreened to Screened

It looks like I may have broken this ;-) Investigating.

#3 Updated by John Hixson 10 months ago

Files in the etc_files directory that didn't already exist weren't being created. Fixed in PR https://github.com/freenas/freenas/pull/1507.

#4 Updated by John Hixson 10 months ago

  • Status changed from Screened to Ready for Testing

#5 Updated by Dru Lavigne 10 months ago

  • Subject changed from pam configuration only generated if file exists in /etc/pam.d/ to Write out pam configuration files in /etc/pam.d/ if they don't already exist
  • Target version changed from Backlog to 11.2-BETA2
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

#6 Updated by Bonnie Follweiler 10 months ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Test Case: while logged in do this: rm -rf /etc/pam.d/*, then midclt call etc.generate pam, then ls /etc/pam.d/, poke around the pam files and see if they are okay, verify the files in /usr/local/lib/python3.6/site-packages/middlewared/etc_files/pam.d/ are in /etc/pam.d/, and things should be fine

Test Passes in FreeNAS-11.2-MASTER-201807120858
(Build Date: Jul 12, 2018 12:2)
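
The manual comparison in the test case above can be scripted; the following is an added example, not part of the ticket or of FreeNAS. It assumes each template file name equals the PAM service file name, and it goes slightly beyond the test case by also flagging empty, non-regular and group- or world-writable policy files (the function name and finding labels are made up for this example).

```shell
#!/bin/sh
# Added example (not FreeNAS code): audit /etc/pam.d against the template directory.
# Default paths are the two directories named in the test case in comment #6.
# Assumption: each template file name equals the PAM service file name.
TEMPLATE_DIR_DEFAULT=/usr/local/lib/python3.6/site-packages/middlewared/etc_files/pam.d
TARGET_DIR_DEFAULT=/etc/pam.d

# audit_pam_dir [TEMPLATE_DIR] [TARGET_DIR]
# Prints one finding per line and returns 0 (clean), 1 (findings) or 2 (bad input).
audit_pam_dir() {
    tdir=${1:-$TEMPLATE_DIR_DEFAULT}
    pdir=${2:-$TARGET_DIR_DEFAULT}
    findings=0
    if [ ! -d "$tdir" ] || [ ! -d "$pdir" ]; then
        echo "audit_pam_dir: both arguments must be directories" >&2
        return 2
    fi
    for tmpl in "$tdir"/*; do
        [ -f "$tmpl" ] || continue          # skip subdirectories and an unmatched glob
        name=${tmpl##*/}
        dest=$pdir/$name
        if [ ! -e "$dest" ] && [ ! -L "$dest" ]; then
            echo "MISSING $name"            # the bug in this ticket: file never written
        elif [ -L "$dest" ] || [ ! -f "$dest" ]; then
            echo "NOTFILE $name"            # symlink or special file where a policy is expected
        elif [ ! -s "$dest" ]; then
            echo "EMPTY $name"              # placeholder (e.g. from touch) never filled in
        elif [ -n "$(find "$dest" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $name"           # group- or world-writable policy file
        else
            continue
        fi
        findings=1
    done
    return "$findings"
}

# Usage on the appliance: audit_pam_dir && echo "pam.d complete"
```

A MISSING result matters because OpenPAM evaluates a service that has no policy file of its own against the other policy, so the service runs with a different authentication stack than its template defines.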

#7 Updated by Dru Lavigne 10 months ago

  • Status changed from Passed Testing to Done

#8 Updated by John Hixson 9 months ago

  • Copied to Bug #40672: Write out pam configuration files in /etc/pam.d/ if they don't already exist added
