What service reads /etc/security/access.conf?
Solution 1
To see which PAM-based services are using it:
grep pam_access /etc/pam.d/*
If it's not mentioned in /etc/pam.d/cron
(which I suspect it won't be) then it shouldn't be having any effect on cron jobs. If there are any @include
directives in the pam.d
files, follow them to make sure you don't miss anything.
Solution 2
[1] What service reads this file? It is used by pam
[chida@localhost ~]$ rpm -qf /etc/security/access.conf
pam-1.1.5-7.fc17.x86_64
[2] Do I need to restart anything after editing it?
Nothing to restart. Once changed, on subsequent login event, the file is read.
[3] How do I know it's even being used?
$ stat /etc/security/access.conf
For more details, do man access.conf.
Solution 3
The other two answers are very good, but miss something I wish I understood yesterday.
Access.conf is indeed used by pam_access.so, but so what? You really need to know if pam_access.so is being used during login. Check for it here:
# grep pam_access.so /etc/pam.d/*-auth
/etc/pam.d/fingerprint-auth:account required pam_access.so
/etc/pam.d/password-auth:account required pam_access.so
/etc/pam.d/smartcard-auth:account required pam_access.so
/etc/pam.d/system-auth:account required pam_access.so
Here is the thing: Do not edit these files to add/remove pam_access.so. Other services may overwrite those changes. You have to dive into the dark arts of authentication to change these things... doing so without full understanding can lead to a burned tush.
But the others are correct: changes to access.conf are immediate, requiring no reboot nor service restart.
Related videos on Youtube
Tom
Updated on September 18, 2022Comments
-
Tom almost 2 years
I'm trying to get to the bottom of an issue with a non-root user running a cron job and I've stumbled upon
/etc/security/access.conf
. I have a couple of questions:- What service reads this file?
- Do I need to restart anything after editing it?
- How do I know it's even being used?
Thanks
-
user9517 almost 12 yearswhat error messages are you seeing from your cron job ?
-
Tom almost 12 yearsIn
/etc/pam.d/crond
there's this line:account required pam_access.so
- what does that mean? Thanks -
Tom almost 12 years
stat /etc/security/access.conf
showsAccess: 2012-08-15 08:35:01.762992895 +0000
- what causes the Access timestamp to be altered? It wasn't altered when I rancat /etc/security/access.conf
, which must involve reading/accessing the file, right? I'm confused about that. -
Alan Curry almost 12 yearsIt means my guess was wrong and your cron is configured to use the
access
module. So/etc/security/access.conf
will apply. -
Alan Curry almost 12 yearsLinux doesn't do access timestamps correctly anymore, unless you beg for them with the
strictatime
mount option. -
phemmer almost 12 yearsAnd to answer the other question 'do I need to restart anything after editing it?'; No, you do not. The file is read every time a session is opened (in your case, when a cron job runs).
-
Brian Peterson over 3 yearsThank you! I was trying to add pam_access.so to /etc/pam.d/login and /etc/pam.d/sshd and neither did anything, but this showed me where I needed to put it apparently.