linux - Deploy PAM system-auth file from Configuration Server (Spacewalk)

07
2014-07
  • midnightrunner8

    I have my pam.d system-auth file set up correctly on a laptop to set password complexity requirements. If the contents of the file are copied directly into the /etc/pam.d/system-auth location (or the /etc/pam.d/system-auth-ac if the symlink is set up) on another laptop, it works there, too.

    However, I am trying to use the Spacewalk configuration file deployment option to deploy to these systems so I can be sure the policy isn't altered at a later time. When the file is copied to the location, it won't allow any password changes. It just says permission denied.

    I verified that the read/write access is correct, and all SELinux contexts are set correctly. I feel like there is a permission or account restriction here that I am not considering.

    Does anyone have any recommendations?

    • Answers
  • midnightrunner8

    I was able to figure this out.

    I had to deploy the file with different selinux contexts than anticipated. I checked the contexts of the original file prior to deployment using:

    ls -Z

    Then, I used those specific options and had success.

    If anyone else ever runs into this issue, I hope that this helps.


    • Related Question

    windows - Operating system and disk format for a home server
  • RussellW

    I have a Sun Ultra 24 that I am using as a home server, with 2x 1TB SATA drives, and two other drives for my OS and miscellaneous files. Eventually, I will replace those with 1TB SATA disks as well. This server has 4GB of memory, expandable to 8GB.

    The 1TB disks are manually mirrored now, I would possibly like to set up RAID on them. I am using the disks for backup for my music, photos, and movies (iDVD projects). I have an iMac with 500G that is the source of much of this data that I am moving to the server. I also have my Windows 7 laptop (business) and a WinXP laptop for the kids (no data, just games). I have a gigabit network setup to facilitate file transfers between the computers.

    My question is this: what OS (CentOS vs Win2008), subsequent file system (ext vs NTFS), and mirroring (RAID 1 or manual) should I go with to meet my requirements? (I need a 64 bit OS to take advantage of all 4GB of memory)

    Needs (in order of priority): 1 - All computers should be able to access the backup directory to put or retrieve files
    2 - Ability to pull a drive out and put into an external enclosure to recover any data or move massive amounts of data
    3 - RAID setup between the disks, or a good process that copies from one drive to the other. I am using CopyToSynchronizer now to copy from one to the other. I can live with a weekly copy of one 1TB disk to the other.
    4 - Easy to setup/manage/maintain
    5 - Easy to expose my "miscellaneous disk" through a web server or other application so that I can access the files remotely, upload files, etc
    6 - Easy eventual upgrade of the two 1TB disks to 2TB disks (1-2 years) 7 - Remote access, either RDC, VNC through an SSH tunnel
    8 - Proxy server on the OS
    9 - Print server on the network

    Supplementary information Currently, the OS is Windows Server 2003, with the drives being NTFS. I am running VMWare Workstation and two guest OS: a WinXP that is needed to run certain software on the server that is not Windows Server compatible (very light requirements on this OS), and CentOS as a linux server for FTP, SSH, HTTP

    I am not very happy with the performance of Win2003, as well as the constant need to install updates. I do not run a domain controller or anything else on the Win2003 server that I could not port to CentOS. If I go with CentOS (ext2 file system) on the server, I can eliminate a VMWare guest VM and just run WinXP as a guest.

    I have a legitimate license for Win2008 through my MSDN subscription.

    The Sun Ultra 24 supports RAID 1 with linux, RAID 0, 1, 5, 10 with Windows.

    I am somewhat proficient at linux, but much more proficient with Windows, only because of experience. I do enjoy tinkering with linux, but I am looking for ease of managing.


    • Related Answers
  • GAThrawn

    Have you looked at Microsoft's Windows Home Server? As far as I can see it supports all of your requirements, except for proxy server functionality straight out of the box. It has a healthy add-ons eco-system providing loads of extra functionality and is based on Server 2003, so can have pretty much any software that'll run loaded on top too.

    1 It has built-in functionality to do automatic, full image-based differential backups of all Windows client OS's (and Mac too using add-on software), designed so that you can bare-metal restore any of your client machines, these backups can also be mounted as an extra drive on any machine running the WHS client to pull any files out.

    2 The drives are standard NTFS formatted hard drives, I have pulled a disk out of my home server, put it in a normal USB caddy and plugged it into my Vista system to get files off.

    3 It deliberately doesn't use RAID but uses Drive Extender and file duplicatino systems to treat all the drives in the system as one big pool of disk space, which files are then duplicated across. As long as you tick the duplication box on each share then every file on that share is copied onto two physocal disks and kept in sync. (One of Microsoft's coders has a good comparison of RAID vs DE here Windows Home Server's Drive Extender vs RAID, and the official WHS Team Blog explains exactly why they didn't use RAID here Why RAID is not a consumer technology.)

    4 It's designed to run totally headless, no need for a screen or keyboard, mine has just an ethernet and a power cable plugged in. Unless you're a real power user you never have any need to ever get onto the server's console, everything can be done with a couple of clicks throught the specific WHS Console app.

    5 It comes with a built-in SSL secured web server and dynamic dns based sub-domain name. This exposes all the shares that you want to on its own website with the ability to upload or download files as required.

    6 Presuming you have enough physical space in your box for extra drives, adding a drive is just a case of plugging it in, then going into the WHS Console's Server Storage screen and right-click Add it. Removing a disk is a case of right-clicking it in the console and selecting Remove, then waiting until the server tells you that all data has been moved off onto another physical disk. Disks don't have to be internal, USB or eSata attached drives can also be added/removed from the storage pool.

    7 Over the same SSL secured web connection, available from your WHS's web site is a remote control feature where you can remotely control any of your client PCs (that are left switched on) over the web using an RDP ActiveX widget, and access the server's WHS Console.

    8 not available built-in

    9 can use it exactly the same as any other Windows server to share printers out.

    Not sure what the licensing situation is like with MSDN, but WIndows Home Server is definitely available on various Technet subscripotions.

  • ocsid80

    For such a setup I would go for a Linux host with a Windows XP guest under VirtualBox.

    Not sure about CentOS. Personally, I like (and worked with) CentOS very much, but right now the distribution is getting too old and there are some compatibility issues with latest versions of various software packages.

    Right now I am working with Fedora 10 as a stable host machine providing SAMBA and HTTP services and holding a VirtualBox installation with a mix of guest operating systems.

    All guests are configured to work in the bridged networking mode, so each guest host is visible on the network as a regular host and can access the server itself trough the network.