Hello,
I’d like to start off by saying I know nothing about pam.
I’m in the process of trying to set up pam_snapper and I’d like to check a few things before I proceed.
I’m running Tumbleweed and have already used /usr/lib/pam_snapper/pam_snapper_homeconvert.sh to convert my home dir into a btrfs subvol.
In the pam_snapper man page it states:
Add the following line to /etc/pam.d/common-session:
session optional pam_snapper.so
I believe the shell script /usr/lib/pam_snapper/pam_snapper_pamconfig.sh can automate that step too.
It would seem that by default /etc/pam.d/common-session is a symlink to the file /etc/pam.d/common-session-pc
When trying to find out more about pam and the relationship between the files in /etc/pam.d/ I came across this link: https://www.suse.com/support/kb/doc/?id=000018934
This bit in particular is what’s concerning me:
Removing these symbolic links effectively disables pam-config, because pam-config only operates on the common-*-pc files and these files are not put into effect without the symbolic links.
And then in the pam-config man page:
The configuration for gobal (I assume it meant global?) service modules written by pam-config is ignored by the system if the common-{account,auth,password,session} symlinks don’t point to the common-{account,auth,password,session}-pc files.
I believe that if I added the pam_snapper entry to the /etc/pam.d/common-session-pc file it’ll be overwritten whenever pam-config is called.
My questions are:
If I make the changes myself or run the pam_snapper_pamconfig.sh to automate it, what happens then?
I ask, because to someone who knows nothing about pam, it makes it sound like any updates or newly installed software which would normally have their entries added to /etc/pam.d/common-session-pc will be ignored if you have a /etc/pam.d/common-session file.
If that is so, then how would I use pam_snapper and not end up having to manually keep tabs on pam configurations whenever I install, remove or update software?
Or do I have all of that wrong and it’ll be alright if I run /usr/lib/pam_snapper/pam_snapper_pamconfig.sh ?
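
A read-only way to inspect the state the post describes, before and after running any helper script: this is an added example, not part of the original post and not code from pam_snapper or pam-config. The function names and the state labels (managed, local-file, other-link, missing) are hypothetical; it only checks whether each common-* file is a symlink to its -pc counterpart and whether the effective common-session loads pam_snapper.so.

```shell
#!/bin/sh
# Added example: report how the common-* PAM files in a directory relate to
# the common-*-pc files that pam-config writes. Nothing is modified.

# pam_link_state DIR NAME -> prints managed | other-link | local-file | missing
pam_link_state() {
    f="$1/common-$2"
    if [ -L "$f" ]; then
        # Compare only the file name of the link target, so relative and
        # absolute symlinks are treated the same way.
        target=$(basename "$(readlink "$f")")
        if [ "$target" = "common-$2-pc" ]; then
            echo managed        # symlink to the -pc file
        else
            echo other-link     # symlink, but to something else
        fi
    elif [ -f "$f" ]; then
        echo local-file         # regular file in place of the symlink
    else
        echo missing
    fi
}

# pam_snapper_enabled DIR -> exit 0 if an uncommented session line in the
# effective common-session (symlink followed) loads pam_snapper.so
pam_snapper_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]].*pam_snapper\.so' \
        "$1/common-session" 2>/dev/null
}

# pam_report [DIR] -> one line per stack, then the pam_snapper status
pam_report() {
    dir="${1:-/etc/pam.d}"
    for name in account auth password session; do
        echo "common-$name: $(pam_link_state "$dir" "$name")"
    done
    if pam_snapper_enabled "$dir"; then
        echo "pam_snapper: loaded by common-session"
    else
        echo "pam_snapper: not loaded by common-session"
    fi
}

pam_report "$@"
```

Running it once before and once after any change shows whether a symlink was replaced by a regular file.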