Closed markafarrell closed 3 days ago
It appears that the path is set here:
https://github.com/linux-pam/linux-pam/blob/master/modules/pam_limits/pam_limits.c#L128
So presumably linux-pam
is being compiled with SCONFIGDIR=/usr/lib/pam
instead of SCONFIGDIR=/etc/security
I believe we can maintain the current behavior by making the following changes.
Update https://github.com/flatcar/scripts/blob/main/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1_p20210622-r1.ebuild#L84 to --enable-vendordir="/usr/lib/pam/"
Update links in https://github.com/flatcar/scripts/blob/main/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/tmpfiles.d/pam.conf from ../usr/lib/pam
to ../usr/lib/pam/security
It appears that using vendorsconfdir is only supported in linux-pam >= 1.5.3
So we would also need to update from linux-pam=1.5.1
to at least linux-pam=1.5.3
Thanks for the report and the contribution! This change will be available in the next Alpha :partying_face:
Description
I am unable to modify pam configuration by using files in /etc/security/
For example, if i set
in
/etc/security/limits.conf
it is not respectedWhen I add
debug
to the pam_limits.so entry in/etc/pam.d/system-auth
I can see that the module is attempting to read the limits file from
/usr/lib/pam/limits.conf
Impact
This means a user is unable to modify pam module configuration
Environment and steps to reproduce
Expected behavior
We should be able to modifiy pam module configuration using the configuration files in
/etc/security/
Additional information
Please add any information here that does not fit the above format.