7.6. Configure Pluggable Authentication Modules
The Pluggable Authentication Module system can be used to give special privileges to users who have logged in through the console. It is used to make devices like the floppy disk mountable by the console's user; normally that user would need to become the super-user to mount a disk.
The PAM configuration file /etc/security/console.perms contains the <console> variable. For Red Hat Linux 7.1 <console> is the regular expression:
Later in the file the <console> user
is granted permission to use some devices. This is done by
altering the devices' permissions upon login and logout.
There are two types of devices listed above: those required by someone connecting from an attached keyboard and monitor, and those that merely allow convenient access to devices. The configuration file fails to make the distinction between logical and physical console noted in Section 1.3.
The configuration file is modified to create that
distinction.
The remaining devices should be altered to give control only
to people attaching from the serial console. For example, we don't
want an unprivileged user at a co-location site mounting a floppy
disk. Define a new console type for the serial console, say
<sconsole>.
Now modify the remaining entries from <console> to <sconsole>.
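
The following added example is not part of the HOWTO: it parses a console.perms-style file and reports which device grants are still tied to <console> and so have not yet been moved to <sconsole>. The sample file content, the use of ttyS0 as the serial console, and the keep_on_console allow-list are assumptions made for illustration.

```python
import re

# Constructed sample in console.perms syntax (not the Red Hat file; ttyS0 as the
# serial console and the device classes shown are assumptions).
SAMPLE = r"""
<console>=tty[0-9][0-9]* :[0-9]
<sconsole>=ttyS0
<floppy>=/dev/fd[0-1]*
<cdrom>=/dev/cdrom*
<fb>=/dev/fb /dev/fb[0-9]*
<console>  0600 <fb>     0600 root
<console>  0660 <floppy> 0660 root.floppy   # still on the physical console
<sconsole> 0600 <cdrom>  0660 root.disk
"""

DEFINE = re.compile(r"^<(\w+)>\s*=\s*(.+)$")          # <class>=pattern ...
GRANT = re.compile(r"^<(\w+)>\s+(\d{3,4})\s+(\S+)\s+(\d{3,4})\s+(\S+)$")

def parse(text):
    """Split console.perms text into class definitions and permission grants."""
    classes, grants = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        if not line:
            continue
        m = DEFINE.match(line)
        if m:
            classes[m.group(1)] = m.group(2).split()
            continue
        m = GRANT.match(line)
        if m:
            grants.append({"who": m.group(1), "mode": m.group(2),
                           "device": m.group(3), "revert": m.group(5)})
    return classes, grants

def audit(text, keep_on_console):
    """Report grants still tied to <console> that should move to <sconsole>."""
    classes, grants = parse(text)
    leftover = [g["device"] for g in grants
                if g["who"] == "console" and g["device"] not in keep_on_console]
    return {"sconsole_defined": "sconsole" in classes,
            "move_to_sconsole": leftover}

if __name__ == "__main__":
    print(audit(SAMPLE, keep_on_console={"<fb>"}))
```

Run it against a copy of /etc/security/console.perms after editing; an empty move_to_sconsole list means every grant outside the allow-list has been reassigned.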