os-hardening: Restrictive permissions on pam configuration breaks pam services running as user

### Description

In `roles/os_hardening/tasks/pam_rhel.yml`  all pam service configurations are written with
`mode: "0640"`. This makes the pam services unreadable by e.g. Screensavers running as user accounts such as swaylock or xscreensaver, locking out users in consequence.

Is it really necessary to keep the pam.d configuration from being read?

### Reproduction steps

```Shell
...
```

### Current Behavior

...


### Expected Behavior

...


### OS / Environment

Provide all relevant information below, e.g. target OS versions, network device firmware, etc.


### Ansible Version

```Shell
Paste verbatim output from "ansible --version" between quotes. This will be automatically formatted into code, so no need for backticks.
```

### Collection Version

```Shell
Paste version of the collection. This will be automatically formatted into code, so no need for backticks.
```

### Additional information

...


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

os-hardening: Restrictive permissions on pam configuration breaks pam services running as user #922

Description

Reproduction steps

Current Behavior

Expected Behavior

OS / Environment

Ansible Version

Collection Version

Additional information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

os-hardening: Restrictive permissions on pam configuration breaks pam services running as user #922

Description

Description

Reproduction steps

Current Behavior

Expected Behavior

OS / Environment

Ansible Version

Collection Version

Additional information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions