Difference between revisions of "Pam"
From Bashlinux
(Redirected page to PAM) |
|||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | #REDIRECT [[PAM]] |
||
− | __NOTOC__ |
||
− | = PAM = |
||
− | == Launch application from Desktop with password protection == |
||
− | Assuming the application in question is ''Firefox'', this works using `bin` and `sbin` pair assisted by `consolehelper` that will verify the PAM restrictions. Note that every file created should match the name of the binary to be protected. |
||
− | # Move binary file |
||
− | |||
− | <pre><nowiki> |
||
− | mv /usr/bin/firefox /usr/sbin/firefox |
||
− | ln -s /usr/bin/consolehelper /usr/bin/firefox |
||
− | </nowiki></pre> |
||
− | |||
− | # Create a security file `/etc/security/console.apps/firefox` and add the following lines: |
||
− | |||
− | <pre><nowiki> |
||
− | USER=<user> |
||
− | PROGRAM=/usr/sbin/firefox |
||
− | SESSION=True |
||
− | </nowiki></pre> |
||
− | |||
− | '''User''' |
||
− | The line user should literally write as `<user>`, it will ask a password for the current user. If you need to run the application as specific user, for example `foo` then change the literal string `<user>` by `foo`, or in some cases if need to restrict to only root, user `root` instead `<user>`. |
||
− | |||
− | # Create a PAM file `/etc/pam.d/firefox` |
||
− | |||
− | <pre><nowiki> |
||
− | #%PAM-1.0 |
||
− | auth sufficient pam_rootok.so |
||
− | auth sufficient pam_timestamp.so |
||
− | auth include system-auth |
||
− | account required pam_permit.so |
||
− | session required pam_permit.so |
||
− | session optional pam_xauth.so |
||
− | session optional pam_timestamp.so |
||
− | </nowiki></pre> |
||
− | |||
− | # Create the Desktop launcher `~/Desktop/firefox.desktop` |
||
− | |||
− | <pre><nowiki> |
||
− | [Desktop Entry] |
||
− | Encoding=UTF-8 |
||
− | Version=1.0 |
||
− | Type=Application |
||
− | Terminal=false |
||
− | Name[en_US]=Firefox |
||
− | Exec=/usr/bin/firefox |
||
− | Comment[en_US]=Launch Firefox |
||
− | Icon[en_US]=/usr/share/pixmaps/firefox.xpm |
||
− | Name=Firefox |
||
− | Comment=Launch Firerox |
||
− | Icon=/usr/share/pixmaps/firefox.xpm |
||
− | </nowiki></pre> |
||
− | |||
− | |||
− | The {{png}} icon under {{/usr/share/pixmaps}} is too big, so you might want to link the small one from firefox installation to the icon folder. |
||
− | {noformat} |
||
− | ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm |
||
− | {noformat} |
Latest revision as of 17:24, 9 June 2015
Redirect to: