Fedora Linux

# Uncomment the following line to implicitly trust users in the 'wheel' group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the 'wheel' group.
#auth required pam_wheel.so use_uid
auth sufficient pam_console.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so

Then create the file /etc/security/console.apps/su :

# touch /etc/security/console.apps/su

You can now use su at the console without entering the root password.

This is, obviously, a security risk.

8.6.4. Where Can I Learn More?

? The manpages for pam , consolehelper , userhelper , and authconfig

? The PAM administrator's guide: /usr/share/doc/pam*/html

? The manpages for the PAM modules (use the command apropos pam_ to see a list of all of them); not all of the PAM modules have a manpage

8.7. Logging

It's important to know what is going on on your system. Fedora provides a standardized, network-based logging system and tools to automatically monitor and trim logfiles. Understanding and using these tools effectively will allow you to keep your finger on the pulse of your system with minimal effort.

8.7.1. How Do I Do That?

The syslog facility collects and routes messages in a Fedora system. The file /etc/syslog.conf configures the message routing; the default version of the file looks like this:

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log

On the left side of each entry is a pattern that consists of selectors. Each selector contains one or more facilities (separated by commas), then a period, and then one or more levels (again, separated by commas).

The facility indicates the origin of the log entry. Possible values are shown in Table 8-3 .

Table 8-3. Facility values to indicate the origin of the log entry

Value	Description
authpriv	Security, authentication, or authorization systems.
cron	Task scheduler (crond and atd).
daemon	Server daemons that don't have a category of their own.