Linux – In Linux, what is /etc/security

authenticationlinux

What is this directory for? Is it part of POSIX? Is it part of the Linux Standard Base? Is it enforced by the kernel or is it more of a distro feature? Where can I find further documentation about it?

Best Answer

Good question, since you will hardly find some documentation that directly answers your questions. I'd say it's part of the LSB, as once you install your Linux system you'll already find this directory created. Moreover, using the apt-file utility on Debian systems you'll see this:

pi@rpi ~ $ apt-file search '/etc/security'
debian-edu-config: /etc/security/pam_mount-stateless-debian-edu.conf
debian-edu-config: /etc/security/pam_mount-winbind-debian-edu.conf
libpam-abl: /etc/security/pam_abl.conf
libpam-blue: /etc/security/bluesscan.conf
libpam-cap: /etc/security/capability.conf
libpam-chroot: /etc/security/chroot.conf
libpam-duo: /etc/security/pam_duo.conf
libpam-encfs: /etc/security/pam_encfs.conf
libpam-modules: /etc/security/access.conf
libpam-modules: /etc/security/group.conf
libpam-modules: /etc/security/limits.conf
libpam-modules: /etc/security/namespace.conf
libpam-modules: /etc/security/namespace.init
libpam-modules: /etc/security/pam_env.conf
libpam-modules: /etc/security/sepermit.conf
libpam-modules: /etc/security/time.conf
libpam-mount: /etc/security/pam_mount.conf.xml
libpam-rsa: /etc/security/pamrsakp.cnf
libpam-shield: /etc/security/shield.conf
libpam-unix2: /etc/security/pam_unix2.default
login-duo: /etc/security/login_duo.conf
rainbow: /etc/security/console.perms.d/51-rainbow.perms
uhd-host: /etc/security/limits.d/uhd.conf

So, there's not a package that concretely creates this directory, that's why I assume it's part of the LSB.

However, I don't think this is part of the kernel. As you can see above, there are many packages that use this directory to put files inside, and as far as I know, is distro dependent. For example, systems that use systemd mostly ignore the content of the ''/etc/security'' directory.

Regarding to functionality, most of the files define limits to resources. As you can see above, most of the files in this directory are related to PAM packages, so in this case you can control how much users you will allow in the system at a time, for example. You can also control how much amount of open files can a process handle, defining both soft and hard limits.

As this is package dependent, you can use man on the several files you'll find inside (i.e., man limits.conf) but there's not a man page that explains the whole directory itself.

Related Question