File pam-ped1712-pam_motd-directory-feature.patch of Package pam.35143
Index: Linux-PAM-1.3.0/modules/pam_motd/pam_motd.8.xml =================================================================== --- Linux-PAM-1.3.0.orig/modules/pam_motd/pam_motd.8.xml +++ Linux-PAM-1.3.0/modules/pam_motd/pam_motd.8.xml @@ -21,6 +21,9 @@ <arg choice="opt"> motd=<replaceable>/path/filename</replaceable> </arg> + <arg choice="opt"> + motd_dir=<replaceable>/path/dirname.d</replaceable> + </arg> </cmdsynopsis> </refsynopsisdiv> 
@@ -31,10 +34,55 @@ <para> pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful - login. By default the <filename>/etc/motd</filename> file is - shown. The message size is limited to 64KB. + login. By default, pam_motd shows files in the + following locations: + </para> + <para> + <simplelist type='vert'> + <member><filename>/etc/motd</filename></member> + <member><filename>/run/motd</filename></member> + <member><filename>/usr/lib/motd</filename></member> + <member><filename>/etc/motd.d/</filename></member> + <member><filename>/run/motd.d/</filename></member> + <member><filename>/usr/lib/motd.d/</filename></member> + </simplelist> + </para> + <para> + Each message size is limited to 64KB. + </para> + <para> + If <filename>/etc/motd</filename> does not exist, + then <filename>/run/motd</filename> is shown. If + <filename>/run/motd</filename> does not exist, then + <filename>/usr/lib/motd</filename> is shown. + </para> + <para> + Similar overriding behavior applies to the directories. + Files in <filename>/etc/motd.d/</filename> override files + with the same name in <filename>/run/motd.d/</filename> and + <filename>/usr/lib/motd.d/</filename>. Files in <filename>/run/motd.d/</filename> + override files with the same name in <filename>/usr/lib/motd.d/</filename>. + </para> + <para> + Files in the directories listed above are displayed in lexicographic + order by name. Moreover, the files are filtered by reading them with the + credentials of the target user authenticating on the system. + </para> + <para> + To silence a message, + a symbolic link with target <filename>/dev/null</filename> + may be placed in <filename>/etc/motd.d</filename> with + the same filename as the message to be silenced. Example: + Creating a symbolic link as follows silences <filename>/usr/lib/motd.d/my_motd</filename>. 
+ </para> + <para> + <command>ln -s /dev/null /etc/motd.d/my_motd</command> + </para> + <para> + The <emphasis remap='B'>MOTD_SHOWN=pam</emphasis> environment variable + is set after showing the motd files, even when all of them were silenced + using symbolic links. </para> - </refsect1> <refsect1 id="pam_motd-options"> @@ -47,12 +95,32 @@ </term> <listitem> <para> - The <filename>/path/filename</filename> file is displayed - as message of the day. + The <filename>/path/filename</filename> file is displayed + as message of the day. Multiple paths to try can be + specified as a colon-separated list. By default this option + is set to <filename>/etc/motd:/run/motd:/usr/lib/motd</filename>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>motd_dir=<replaceable>/path/dirname.d</replaceable></option> + </term> + <listitem> + <para> + The <filename>/path/dirname.d</filename> directory is scanned + and each file contained inside of it is displayed. Multiple + directories to scan can be specified as a colon-separated list. + By default this option is set to <filename>/etc/motd.d:/run/motd.d:/usr/lib/motd.d</filename>. </para> </listitem> </varlistentry> </variablelist> + <para> + When no options are given, the default behavior applies for both + options. Specifying either option (or both) will disable the + default behavior for both options. + </para> </refsect1> <refsect1 id="pam_motd-types"> @@ -66,10 +134,26 @@ <title>RETURN VALUES</title> <variablelist> <varlistentry> + <term>PAM_ABORT</term> + <listitem> + <para> + Not all relevant data or options could be obtained. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_BUF_ERR</term> + <listitem> + <para> + Memory buffer error. + </para> + </listitem> + </varlistentry> + <varlistentry> <term>PAM_IGNORE</term> <listitem> <para> - This is the only return value of this module. + This is the default return value of this module. </para> </listitem> </varlistentry> 
@@ -81,7 +165,20 @@ <para> The suggested usage for <filename>/etc/pam.d/login</filename> is: <programlisting> -session optional pam_motd.so motd=/etc/motd +session optional pam_motd.so + </programlisting> + </para> + <para> + To use a <filename>motd</filename> file from a different location: + <programlisting> +session optional pam_motd.so motd=/elsewhere/motd + </programlisting> + </para> + <para> + To use a <filename>motd</filename> file from elsewhere, along with a + corresponding <filename>.d</filename> directory: + <programlisting> +session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d </programlisting> </para> </refsect1> @@ -109,6 +206,10 @@ session optional pam_motd.so motd=/et <para> pam_motd was written by Ben Collins <bcollins@debian.org>. </para> + <para> + The <option>motd_dir=</option> option was added by + Allison Karlitskaya <allison.karlitskaya@redhat.com>. + </para> </refsect1> </refentry> Index: Linux-PAM-1.3.0/modules/pam_motd/pam_motd.c =================================================================== --- Linux-PAM-1.3.0.orig/modules/pam_motd/pam_motd.c +++ Linux-PAM-1.3.0/modules/pam_motd/pam_motd.c @@ -1,13 +1,8 @@ -/* pam_motd module */ - /* - * Modified for pam_motd by Ben Collins <bcollins@debian.org> - * - * Based off of: - * $Id$ + * pam_motd module * + * Modified for pam_motd by Ben Collins <bcollins@debian.org> * Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24 - * */ #include "config.h" 
@@ -17,25 +12,21 @@ #include <stdlib.h> #include <unistd.h> #include <fcntl.h> +#include <dirent.h> #include <sys/types.h> #include <sys/stat.h> #include <pwd.h> #include <syslog.h> +#include <errno.h> #include <security/_pam_macros.h> #include <security/pam_ext.h> -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_SESSION -#define DEFAULT_MOTD "/etc/motd" - #include <security/pam_modules.h> #include <security/pam_modutil.h> +#include "pam_inline.h" + +#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd" +#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d" /* --- session management functions (only) --- */ 
@@ -46,24 +37,371 @@ pam_sm_close_session (pam_handle_t *pamh return PAM_IGNORE; } -static char default_motd[] = DEFAULT_MOTD; +static const char default_motd[] = DEFAULT_MOTD; +static const char default_motd_dir[] = DEFAULT_MOTD_D; + +static void try_to_display_fd(pam_handle_t *pamh, int fd) +{ + struct stat st; + char *mtmp = NULL; + + /* fill in message buffer with contents of motd */ + if ((fstat(fd, &st) < 0) || !st.st_size || st.st_size > 0x10000) + return; + + if (!(mtmp = malloc(st.st_size+1))) + return; + + if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { + if (mtmp[st.st_size-1] == '\n') + mtmp[st.st_size-1] = '\0'; + else + mtmp[st.st_size] = '\0'; + + pam_info (pamh, "%s", mtmp); + } + + _pam_drop(mtmp); +} + +/* + * Split a DELIM-separated string ARG into an array. + * Outputs a newly allocated array of strings OUT_ARG_SPLIT + * and the number of strings OUT_NUM_STRS. + * Returns 0 in case of error, 1 in case of success. + */ +static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim, + char ***out_arg_split, unsigned int *out_num_strs) +{ + char *arg_extracted = NULL; + const char *arg_ptr = arg; + char **arg_split = NULL; + char delim_str[2]; + unsigned int i = 0; + unsigned int num_strs = 0; + int retval = 0; + + delim_str[0] = delim; + delim_str[1] = '\0'; + + if (arg == NULL) { + goto out; + } + + while (arg_ptr != NULL) { + num_strs++; + arg_ptr = strchr(arg_ptr + sizeof(const char), delim); + } + + arg_split = calloc(num_strs, sizeof(*arg_split)); + if (arg_split == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate string array"); + goto out; + } + + arg_extracted = strtok_r(arg, delim_str, &arg); + while (arg_extracted != NULL && i < num_strs) { + arg_split[i++] = arg_extracted; + arg_extracted = strtok_r(NULL, delim_str, &arg); + } + + retval = 1; + + out: + *out_num_strs = num_strs; + *out_arg_split = arg_split; + + return retval; +} + +/* Join A_STR and B_STR, inserting a "/" between them if one is not 
already trailing + * in A_STR or beginning B_STR. A pointer to a newly allocated string holding the + * joined string is returned in STRP_OUT. + * Returns -1 in case of error, or the number of bytes in the joined string in + * case of success. */ +static int join_dir_strings(char **strp_out, const char *a_str, const char *b_str) +{ + int has_sep = 0; + int retval = -1; + char *join_strp = NULL; + + if (strp_out == NULL || a_str == NULL || b_str == NULL) { + goto out; + } + if (strlen(a_str) == 0) { + goto out; + } + + has_sep = (a_str[strlen(a_str) - 1] == '/') || (b_str[0] == '/'); + + retval = asprintf(&join_strp, "%s%s%s", a_str, + (has_sep == 1) ? "" : "/", b_str); + + if (retval < 0) { + goto out; + } + + *strp_out = join_strp; + + out: + return retval; +} + +static int compare_strings(const void *a, const void *b) +{ + const char *a_str = *(const char * const *)a; + const char *b_str = *(const char * const *)b; + + if (a_str == NULL && b_str == NULL) { + return 0; + } + else if (a_str == NULL) { + return -1; + } + else if (b_str == NULL) { + return 1; + } + else { + return strcmp(a_str, b_str); + } +} + +static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) +{ + struct dirent ***dirscans = NULL; + unsigned int *dirscans_sizes = NULL; + unsigned int dirscans_size_total = 0; + char **dirnames_all = NULL; + unsigned int i; + int i_dirnames = 0; + + if (pamh == NULL || motd_dir_path_split == NULL) { + goto out; + } + if (num_motd_dirs < 1) { + goto out; + } + + if ((dirscans = calloc(num_motd_dirs, sizeof(*dirscans))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirent arrays"); + goto out; + } + if ((dirscans_sizes = calloc(num_motd_dirs, sizeof(*dirscans_sizes))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirent array sizes"); + goto out; + } + + for (i = 0; i < num_motd_dirs; i++) { + int rv; + rv = scandir(motd_dir_path_split[i], 
&(dirscans[i]), NULL, NULL); + if (rv < 0) { + if (errno != ENOENT || report_missing) { + pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", + motd_dir_path_split[i]); + } + } else { + dirscans_sizes[i] = rv; + } + dirscans_size_total += dirscans_sizes[i]; + } + + if (dirscans_size_total == 0) + goto out; + + /* filter out unwanted names, directories, and complement data with lstat() */ + for (i = 0; i < num_motd_dirs; i++) { + struct dirent **d = dirscans[i]; + for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { + int rc; + char *fullpath; + struct stat s; + + switch(d[j]->d_type) { /* the filetype determines how to proceed */ + case DT_REG: /* regular files and */ + case DT_LNK: /* symlinks */ + continue; /* are good. */ + case DT_UNKNOWN: /* for file systems that do not provide */ + /* a filetype, we use lstat() */ + if (join_dir_strings(&fullpath, motd_dir_path_split[i], + d[j]->d_name) <= 0) + break; + rc = lstat(fullpath, &s); + _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ + if (rc != 0) /* if the lstat() somehow failed */ + break; + + if (S_ISREG(s.st_mode) || /* regular files and */ + S_ISLNK(s.st_mode)) continue; /* symlinks are good */ + break; + case DT_DIR: /* We don't want directories */ + default: /* nor anything else */ + break; + } + _pam_drop(d[j]); /* free memory */ + d[j] = NULL; /* indicate this one was dropped */ + dirscans_size_total--; + } + } + + /* Allocate space for all file names found in the directories, including duplicates. 
*/ + if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); + goto out; + } + + for (i = 0; i < num_motd_dirs; i++) { + unsigned int j; + + for (j = 0; j < dirscans_sizes[i]; j++) { + if (NULL != dirscans[i][j]) { + dirnames_all[i_dirnames] = dirscans[i][j]->d_name; + i_dirnames++; + } + } + } + + qsort(dirnames_all, dirscans_size_total, + sizeof(const char *), compare_strings); + + for (i = 0; i < dirscans_size_total; i++) { + unsigned int j; + + if (dirnames_all[i] == NULL) { + continue; + } + + /* Skip duplicate file names. */ + if (i > 0 && strcmp(dirnames_all[i], dirnames_all[i - 1]) == 0) { + continue; + } + + for (j = 0; j < num_motd_dirs; j++) { + char *abs_path = NULL; + int fd; + + if (join_dir_strings(&abs_path, motd_dir_path_split[j], + dirnames_all[i]) < 0 || abs_path == NULL) { + continue; + } + + fd = open(abs_path, O_RDONLY, 0); + _pam_drop(abs_path); + + if (fd >= 0) { + try_to_display_fd(pamh, fd); + close(fd); + + /* We displayed a file, skip to the next file name. 
*/ + break; + } + } + } + + out: + _pam_drop(dirnames_all); + if (dirscans_sizes != NULL) { + for (i = 0; i < num_motd_dirs; i++) { + unsigned int j; + + for (j = 0; j < dirscans_sizes[i]; j++) + _pam_drop(dirscans[i][j]); + _pam_drop(dirscans[i]); + } + _pam_drop(dirscans_sizes); + } + _pam_drop(dirscans); +} + +static int drop_privileges(pam_handle_t *pamh, struct pam_modutil_privs *privs) +{ + struct passwd *pw; + const char *username; + int retval; + + retval = pam_get_user(pamh, &username, NULL); + + if (retval == PAM_SUCCESS) { + pw = pam_modutil_getpwnam (pamh, username); + } else { + return PAM_SESSION_ERR; + } + + if (pw == NULL || pam_modutil_drop_priv(pamh, privs, pw)) { + return PAM_SESSION_ERR; + } + + return PAM_SUCCESS; +} + +static int try_to_display(pam_handle_t *pamh, char **motd_path_split, + unsigned int num_motd_paths, + char **motd_dir_path_split, + unsigned int num_motd_dir_paths, int report_missing) +{ + PAM_MODUTIL_DEF_PRIVS(privs); + + if (drop_privileges(pamh, &privs) != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "Unable to drop privileges"); + return PAM_SESSION_ERR; + } + + if (motd_path_split != NULL) { + unsigned int i; + + for (i = 0; i < num_motd_paths; i++) { + int fd = open(motd_path_split[i], O_RDONLY, 0); + + if (fd >= 0) { + try_to_display_fd(pamh, fd); + close(fd); + + /* We found and displayed a file, + * move onto next filename. 
+ */ + break; + } + } + } + + if (motd_dir_path_split != NULL) { + try_to_display_directories_with_overrides(pamh, + motd_dir_path_split, + num_motd_dir_paths, + report_missing); + } + + if (pam_modutil_regain_priv(pamh, &privs)) { + pam_syslog(pamh, LOG_ERR, "Unable to regain privileges"); + return PAM_SESSION_ERR; + } + + return PAM_SUCCESS; +} int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval = PAM_IGNORE; - int fd; const char *motd_path = NULL; - char *mtmp = NULL; + char *motd_path_copy = NULL; + unsigned int num_motd_paths = 0; + char **motd_path_split = NULL; + const char *motd_dir_path = NULL; + char *motd_dir_path_copy = NULL; + unsigned int num_motd_dir_paths = 0; + char **motd_dir_path_split = NULL; + int report_missing; if (flags & PAM_SILENT) { return retval; } for (; argc-- > 0; ++argv) { - if (!strncmp(*argv,"motd=",5)) { + const char *str; + if ((str = pam_str_skip_prefix(*argv, "motd=")) != NULL) { - motd_path = 5 + *argv; + motd_path = str; if (*motd_path != '\0') { D(("set motd path: %s", motd_path)); } else { 
@@ -72,41 +410,67 @@ int pam_sm_open_session(pam_handle_t *pa "motd= specification missing argument - ignored"); } } + else if ((str = pam_str_skip_prefix(*argv, "motd_dir=")) != NULL) { + + motd_dir_path = str; + if (*motd_dir_path != '\0') { + D(("set motd.d path: %s", motd_dir_path)); + } else { + motd_dir_path = NULL; + pam_syslog(pamh, LOG_ERR, + "motd_dir= specification missing argument - ignored"); + } + } else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } - if (motd_path == NULL) + if (motd_path == NULL && motd_dir_path == NULL) { motd_path = default_motd; + motd_dir_path = default_motd_dir; + report_missing = 0; + } else { + report_missing = 1; + } - while ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { - struct stat st; - - /* fill in message buffer with contents of motd */ - if ((fstat(fd, &st) < 0) || !st.st_size || st.st_size > 0x10000) - break; - - if (!(mtmp = malloc(st.st_size+1))) - break; - - if (pam_modutil_read(fd, mtmp, st.st_size) != st.st_size) - break; - - if (mtmp[st.st_size-1] == '\n') - mtmp[st.st_size-1] = '\0'; - else - mtmp[st.st_size] = '\0'; + if (motd_path != NULL) { + motd_path_copy = strdup(motd_path); + } - pam_info (pamh, "%s", mtmp); - break; + if (motd_path_copy != NULL) { + if (pam_split_string(pamh, motd_path_copy, ':', + &motd_path_split, &num_motd_paths) == 0) { + goto out; + } } - _pam_drop (mtmp); + if (motd_dir_path != NULL) { + motd_dir_path_copy = strdup(motd_dir_path); + } - if (fd >= 0) - close(fd); + if (motd_dir_path_copy != NULL) { + if (pam_split_string(pamh, motd_dir_path_copy, ':', + &motd_dir_path_split, &num_motd_dir_paths) == 0) { + goto out; + } + } - return retval; + retval = try_to_display(pamh, motd_path_split, num_motd_paths, + motd_dir_path_split, num_motd_dir_paths, + report_missing); + + out: + _pam_drop(motd_path_copy); + _pam_drop(motd_path_split); + _pam_drop(motd_dir_path_copy); + _pam_drop(motd_dir_path_split); + + if (retval == PAM_SUCCESS) { + retval = pam_putenv(pamh, 
"MOTD_SHOWN=pam"); + return retval == PAM_SUCCESS ? PAM_IGNORE : retval; + } else { + return retval; + } } /* end of module definition */ Index: Linux-PAM-1.3.0/doc/sag/Linux-PAM_SAG.txt =================================================================== --- Linux-PAM-1.3.0.orig/doc/sag/Linux-PAM_SAG.txt +++ Linux-PAM-1.3.0/doc/sag/Linux-PAM_SAG.txt @@ -2938,13 +2938,38 @@ pam_mkhomedir was written by Jason Gunth 6.21. pam_motd - display the motd file -pam_motd.so [ motd=/path/filename ] +pam_motd.so [ motd=/path/filename ] [ motd_dir=/path/dirname.d ] 6.21.1. DESCRIPTION pam_motd is a PAM module that can be used to display arbitrary motd (message of -the day) files after a successful login. By default the /etc/motd file is -shown. The message size is limited to 64KB. +the day) files after a successful login. By default, pam_motd shows files in +the following locations: + /etc/motd + /run/motd + /usr/lib/motd + /etc/motd.d/ + /run/motd.d/ + /usr/lib/motd.d/ +Each message size is limited to 64KB. + +Similar overriding behavior applies to the directories. +Files in /etc/motd.d/ override files with the same name in +/run/motd.d/ and /usr/lib/motd.d/. Files in /run/motd.d/ +override files with the same name in /usr/lib/motd.d/. + +Files in the directories listed above are displayed in lexicographic +order by name. Moreover, the files are filtered by reading them with the +credentials of the target user authenticating on the system. + +To silence a message, +a symbolic link with target /dev/null may be placed in /etc/motd.d with +the same filename as the message to be silenced. Example: +Creating a symbolic link as follows silences /usr/lib/motd.d/my_motd + ln -s /dev/null /etc/motd.d/my_motd + +The MOTD_SWHOWN=pam environment variable is set after showing the +motdfiles, even when all of them were silenced using symbolic links. 6.21.2. OPTIONS 
@@ -2952,6 +2977,10 @@ motd=/path/filename The /path/filename file is displayed as message of the day. +motd_dir=/path/dirname.d + + The files in /path/dirname.d directory are diplayed as message of the day. + 6.21.3. MODULE TYPES PROVIDED Only the session module type is provided. @@ -2966,7 +2995,7 @@ PAM_IGNORE The suggested usage for /etc/pam.d/login is: -session optional pam_motd.so motd=/etc/motd +session optional pam_motd.so motd=/etc/motd motd_dir=/etc/motd.d 6.21.6. AUTHOR Index: Linux-PAM-1.3.0/doc/sag/html/sag-pam_motd.html =================================================================== --- Linux-PAM-1.3.0.orig/doc/sag/html/sag-pam_motd.html +++ Linux-PAM-1.3.0/doc/sag/html/sag-pam_motd.html 
@@ -3,13 +3,40 @@ ]</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-description"></a>6.21.1. DESCRIPTION</h3></div></div></div><p> pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful - login. By default the <code class="filename">/etc/motd</code> file is - shown. The message size is limited to 64KB. + login. + </p><p> + By default, pam_motd shows files in the followiing locations: + </p><p> + <code class="filename">/etc/motd</code> + </p><p> + <code class="filename">/run/motd</code> + </p><p> + <code class="filename">/usr/lib/motd</code> + </p><p> + <code class="filename">/etc/motd.d/</code> + </p><p> + <code class="filename">/run/motd.d</code> + </p><p> + <code class="filename">/usr/lib/motd.d</code> + </p><p> + Each message size is limited to 64KB. + </p><p> + If <code class="filename">/etc/motd</code> does not exists, then <code class="filename">/run/motd</code> is shown, then <code class="filename">/usr/lib/motd</code> is shown. Similar overriding behavior applies to the directories. + </p><p> + Files in the directories listed above are displayed in lexicographic order by name. Moreover, the files are filtered by reading them with the credentials of the target user authenticating on the system + </p><p> + To silence a message, a symbolic link with target <code class="filename">/dev/null</code> may be placed in <code class="filename">/etc/motd.d</code> with the same filename as the message to be silenced. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-options"></a>6.21.2. OPTIONS</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term"> <code class="option">motd=<em class="replaceable"><code>/path/filename</code></em></code> </span></dt><dd><p> The <code class="filename">/path/filename</code> file is displayed - as message of the day. 
+ as message of the day. Multiple paths to try can be specified as a colon-separated list. + By default this option is set to <code class="filename">/etc/motd:/run/motd:/usr/lib/motd</code> + </p></dd><dt><span class="term"> + <code class="option">motd_dir=<em class="replaceable"><code>/path/dirname.d</code></em></code> + </span></dt><dd><p> + The <code class="filename">/path/dirname.d</code> directory is scanned and each file contained inside of it is displayed. Multiple directories to scan can be specified as a colon-separated list. + By default this option is set to <code class="filename">etc/motd.d:/run/motd.d:/usr/lib/motd.d</code> </p></dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-types"></a>6.21.3. MODULE TYPES PROVIDED</h3></div></div></div><p> Only the <code class="option">session</code> module type is provided. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-return_values"></a>6.21.4. RETURN VALUES</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_IGNORE</span></dt><dd><p> @@ -17,7 +44,7 @@ </p></dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-examples"></a>6.21.5. EXAMPLES</h3></div></div></div><p> The suggested usage for <code class="filename">/etc/pam.d/login</code> is: </p><pre class="programlisting"> -session optional pam_motd.so motd=/etc/motd +session optional pam_motd.so </pre><p> </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-author"></a>6.21.6. AUTHOR</h3></div></div></div><p> pam_motd was written by Ben Collins <bcollins@debian.org>. Index: Linux-PAM-1.3.0/modules/pam_motd/README =================================================================== --- Linux-PAM-1.3.0.orig/modules/pam_motd/README +++ Linux-PAM-1.3.0/modules/pam_motd/README 
@@ -4,21 +4,40 @@ pam_motd — Display the motd file DESCRIPTION -pam_motd is a PAM module that can be used to display arbitrary motd (message of -the day) files after a successful login. By default the /etc/motd file is -shown. The message size is limited to 64KB. +pam_motd is a PAM module that can be used to display arbitrary motd (message of +the day) files after a successful login. By default, pam_motd shows files in the +following locations: /etc/motd, /run/motd, /usr/lib/motd, /etc/motd.d, /run/motd.d/, +/usr/lib/motd.d. Each message size is limited to 64KB. + +If /etc/motd does not exist, then /run/motd is shown. If /run/motd does not exist, then +/usr/lib/motd is shown. Similar overriding behavior applies to the directories. + +Files in the directories listed above are displayed in lexicographic +order by name. Moreover, the files are filtered by reading them with the +credentials of the target user authenticating on the system. + +To silence a message, a symbolic link with target /dev/null may be placed +in /etc/motd.d with the same filename as the message to be silenced. OPTIONS motd=/path/filename The /path/filename file is displayed as message of the day. + Multiple paths to try can be specified as a colon-separated list. By default this option + is set to /etc/motd:/run/motd:/usr/lib/motd. + +motd_dir=/path/firname.d + + The /path/dirname.d directory is scanned and each file contained inside of it is displayed. + Multiple directories to scan can be specified as a colon-separated list. By default + this option is set to /etc/motd.d:/run/motd.d:/usr/lib/motd.d EXAMPLES The suggested usage for /etc/pam.d/login is: -session optional pam_motd.so motd=/etc/motd +session optional pam_motd.so AUTHOR Index: Linux-PAM-1.3.0/modules/pam_motd/pam_motd.8 =================================================================== --- Linux-PAM-1.3.0.orig/modules/pam_motd/pam_motd.8 +++ Linux-PAM-1.3.0/modules/pam_motd/pam_motd.8 
@@ -1,13 +1,13 @@ '\" t .\" Title: pam_motd .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 04/01/2016 +.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> +.\" Date: 09/07/2022 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_MOTD" "8" "04/01/2016" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_MOTD" "8" "09/07/2022" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- 
@@ -31,20 +31,85 @@ pam_motd \- Display the motd file .SH "SYNOPSIS" .HP \w'\fBpam_motd\&.so\fR\ 'u -\fBpam_motd\&.so\fR [motd=\fI/path/filename\fR] +\fBpam_motd\&.so\fR [motd=\fI/path/filename\fR] [motd_dir=\fI/path/dirname\&.d\fR] .SH "DESCRIPTION" .PP -pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login\&. By default the +pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login\&. By default, pam_motd shows files in the following locations: +.PP +.RS 4 /etc/motd -file is shown\&. The message size is limited to 64KB\&. +.RE +.RS 4 +/run/motd +.RE +.RS 4 +/usr/lib/motd +.RE +.RS 4 +/etc/motd\&.d/ +.RE +.RS 4 +/run/motd\&.d/ +.RE +.RS 4 +/usr/lib/motd\&.d/ +.RE +.PP +Each message size is limited to 64KB\&. +.PP +If +/etc/motd +does not exist, then +/run/motd +is shown\&. If +/run/motd +does not exist, then +/usr/lib/motd +is shown\&. +.PP +Similar overriding behavior applies to the directories\&. Files in +/etc/motd\&.d/ +override files with the same name in +/run/motd\&.d/ +and +/usr/lib/motd\&.d/\&. Files in +/run/motd\&.d/ +override files with the same name in +/usr/lib/motd\&.d/\&. +.PP +Files in the directories listed above are displayed in lexicographic order by name\&. Moreover, the files are filtered by reading them with the credentials of the target user authenticating on the system\&. +.PP +To silence a message, a symbolic link with target +/dev/null +may be placed in +/etc/motd\&.d +with the same filename as the message to be silenced\&. Example: Creating a symbolic link as follows silences +/usr/lib/motd\&.d/my_motd\&. +.PP +\fBln \-s /dev/null /etc/motd\&.d/my_motd\fR +.PP +The +\fBMOTD_SHOWN=pam\fR +environment variable is set after showing the motd files, even when all of them were silenced using symbolic links\&. 
.SH "OPTIONS" .PP \fBmotd=\fR\fB\fI/path/filename\fR\fR .RS 4 The /path/filename -file is displayed as message of the day\&. +file is displayed as message of the day\&. Multiple paths to try can be specified as a colon\-separated list\&. By default this option is set to +/etc/motd:/run/motd:/usr/lib/motd\&. .RE +.PP +\fBmotd_dir=\fR\fB\fI/path/dirname\&.d\fR\fR +.RS 4 +The +/path/dirname\&.d +directory is scanned and each file contained inside of it is displayed\&. Multiple directories to scan can be specified as a colon\-separated list\&. By default this option is set to +/etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&. +.RE +.PP +When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&. .SH "MODULE TYPES PROVIDED" .PP Only the @@ -52,9 +117,19 @@ Only the module type is provided\&. .SH "RETURN VALUES" .PP +PAM_ABORT +.RS 4 +Not all relevant data or options could be obtained\&. +.RE +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP PAM_IGNORE .RS 4 -This is the only return value of this module\&. +This is the default return value of this module\&. .RE .SH "EXAMPLES" .PP @@ -66,7 +141,39 @@ is: .RS 4 .\} .nf -session optional pam_motd\&.so motd=/etc/motd +session optional pam_motd\&.so + +.fi +.if n \{\ +.RE +.\} +.PP +To use a +motd +file from a different location: +.sp +.if n \{\ +.RS 4 +.\} +.nf +session optional pam_motd\&.so motd=/elsewhere/motd + +.fi +.if n \{\ +.RE +.\} +.PP +To use a +motd +file from elsewhere, along with a corresponding +\&.d +directory: +.sp +.if n \{\ +.RS 4 +.\} +.nf +session optional pam_motd\&.so motd=/elsewhere/motd motd_dir=/elsewhere/motd\&.d .fi .if n \{\ @@ -82,3 +189,7 @@ session optional pam_motd\&.so motd=/ .SH "AUTHOR" .PP pam_motd was written by Ben Collins <bcollins@debian\&.org>\&. +.PP +The +\fBmotd_dir=\fR +option was added by Allison Karlitskaya <allison\&.karlitskaya@redhat\&.com>\&.
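Review bot: In the RETURN VALUES hunk of pam_motd.8.xml (@@ -66,10 +134,26 @@), PAM_SESSION_ERR is missing from the list even though the new code can return it. try_to_display() returns PAM_SESSION_ERR when drop_privileges() or pam_modutil_regain_priv() fails, and pam_sm_open_session() passes that value back unchanged through its final "else { return retval; }" branch. Add a varlistentry for PAM_SESSION_ERR, and note that the PAM_ABORT and PAM_BUF_ERR entries can only originate from the pam_putenv() call, since no other visible path sets them.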
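Review bot: In the include hunk of pam_motd.c (@@ -17,25 +12,21 @@), the new #include "pam_inline.h" and the later calls to pam_str_skip_prefix() depend on a header that none of the files touched by this patch provide. Since this is applied to a Linux-PAM-1.3.0 tree, confirm that another patch earlier in the series adds pam_inline.h, and state that ordering dependency in the patch header so the series cannot be reordered into a build failure. The same hunk also drops "#define PAM_SM_SESSION" without explanation; a one-line rationale in the patch description would help.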
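Review bot: In pam_split_string() in the large pam_motd.c hunk (@@ -46,24 +37,371 @@), the count returned in *out_num_strs can exceed the number of strings actually stored. num_strs is computed by counting delimiters with strchr(), but strtok_r() collapses empty fields, so an argument such as "a::b" or "a:" leaves trailing NULL slots in the calloc'ed array while num_strs still counts them. The callers then pass those NULL entries to open(motd_path_split[i], ...) and scandir(motd_dir_path_split[i], ...). Return i (the number of tokens stored) instead of num_strs, or skip NULL entries in both loops. Separately, in try_to_display_directories_with_overrides() the "dirscans_size_total == 0" early exit sits before the filter loop; a directory that exists but holds only "." and ".." is filtered down to zero entries, after which calloc(0, ...) may return NULL and log a spurious "failed to allocate dirname array" at LOG_CRIT. Repeat the zero check after filtering.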
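Review bot: In the final pam_motd.c hunk (@@ -72,41 +410,67 @@), a failed strdup() is silently treated as "no path configured". After "motd_path_copy = strdup(motd_path);" the code only checks "if (motd_path_copy != NULL)", so on allocation failure it skips the split, calls try_to_display() with a NULL array, gets PAM_SUCCESS, and sets MOTD_SHOWN=pam although nothing could have been shown. The same applies to motd_dir_path_copy. Log the failure with pam_syslog() and go to out with retval set to PAM_BUF_ERR, which the updated manual page already documents.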
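Review bot: In the DESCRIPTION hunk of Linux-PAM_SAG.txt (@@ -2938,13 +2938,38 @@), the environment variable is misspelled as "MOTD_SWHOWN=pam" and the following line reads "motdfiles"; the code and pam_motd.8.xml both use MOTD_SHOWN=pam. The hunk also omits the paragraph about /etc/motd falling back to /run/motd and /usr/lib/motd, so "Similar overriding behavior applies to the directories" has nothing to refer to. If this file is generated from the XML, regenerate it rather than hand-editing.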
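Review bot: In the EXAMPLES hunk of Linux-PAM_SAG.txt (@@ -2966,7 +2995,7 @@), the suggested usage "pam_motd.so motd=/etc/motd motd_dir=/etc/motd.d" contradicts the XML, README and HTML versions in this same patch, which all suggest a bare "session optional pam_motd.so". The XML text also states that specifying either option disables the defaults for both, so an administrator copying this line loses the /run and /usr/lib locations. Change it to the option-free form. The preceding OPTIONS hunk (@@ -2952,6 +2977,10 @@) has "diplayed" and leaves out the colon-separated list and default value described elsewhere.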
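Review bot: In the sag-pam_motd.html hunk (@@ -3,13 +3,40 @@), the documented default for motd_dir is written as "etc/motd.d:/run/motd.d:/usr/lib/motd.d", missing the leading slash that DEFAULT_MOTD_D has in pam_motd.c. The same hunk has "followiing" and "does not exists", collapses the two-step fallback into one sentence, and does not mention MOTD_SHOWN=pam or the new return values. Regenerating this file from pam_motd.8.xml would bring it in line with the other outputs.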
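Review bot: In the OPTIONS part of the README hunk (@@ -4,21 +4,40 @@), the option heading reads "motd_dir=/path/firname.d" while the description directly below it refers to /path/dirname.d. Correct the heading to "motd_dir=/path/dirname.d". This README also lacks the MOTD_SHOWN=pam paragraph and the note that giving either option disables the defaults for both, both of which are present in pam_motd.8.xml.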