红帽全球峰会此内容没有您所选择的语言版本。
27.5. Enabling Console Access for Other Applications
To make other applications accessible to console users, a bit more work is required.
First of all, console access only works for applications which reside in
/sbin/ or /usr/sbin/, so the application that you wish to run must be there. After verifying that, do the following steps:
- Create a link from the name of your application, such as our sample
fooprogram, to the/usr/bin/consolehelperapplication:cd /usr/binln -s consolehelper foo
cd /usr/binln -s consolehelper fooCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Create the file
/etc/security/console.apps/foo:touch /etc/security/console.apps/foo
touch /etc/security/console.apps/fooCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Create a PAM configuration file for the
fooservice in/etc/pam.d/. An easy way to do this is to start with a copy of the halt service's PAM configuration file, and then modify the file if you want to change the behavior:cp /etc/pam.d/halt /etc/pam.d/foo
cp /etc/pam.d/halt /etc/pam.d/fooCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Now, when
/usr/bin/foo is executed, consolehelper is called, which authenticates the user with the help of /usr/sbin/userhelper. To authenticate the user, consolehelper asks for the user's password if /etc/pam.d/foo is a copy of /etc/pam.d/halt (otherwise, it does precisely what is specified in /etc/pam.d/foo) and then runs /usr/sbin/foo with root permissions.
In the PAM configuration file, an application can be configured to use the pam_timestamp module to remember (or cache) a successful authentication attempt. When an application is started and proper authentication is provided (the root password), a timestamp file is created. By default, a successful authentication is cached for five minutes. During this time, any other application that is configured to use
pam_timestamp and run from the same session is automatically authenticated for the user — the user does not have to enter the root password again.
This module is included in the
pam package. To enable this feature, the PAM configuration file in etc/pam.d/ must include the following lines:
auth sufficient /lib/security/pam_timestamp.so session optional /lib/security/pam_timestamp.so
auth sufficient /lib/security/pam_timestamp.so
session optional /lib/security/pam_timestamp.so
The first line that begins with
auth should be after any other auth sufficient lines, and the line that begins with session should be after any other session optional lines.
If an application configured to use 
icon is displayed in the notification area of the panel if you are running the GNOME or KDE desktop environment. After the authentication expires (the default is five minutes), the icon disappears.
pam_timestamp is successfully authenticated from the (on the Panel), the
icon is displayed in the notification area of the panel if you are running the GNOME or KDE desktop environment. After the authentication expires (the default is five minutes), the icon disappears.
The user can select to forget the cached authentication by clicking on the icon and selecting the option to forget authentication.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}