diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-04 12:11:15 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-04 12:11:15 +0000 |
| commit | 5ab868cf378dd507deb5d65d48adab2cfaec2472 (patch) | |
| tree | ba57cf3de1c4686537497ce189c90f3f873d599a /modules/pam_rootok/README | |
| parent | 161f0b1576ce70384aeb006a1cdbc8a11971db0a (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2006-06-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rootok/Makefile.am: Include Make.xml.rules.
* modules/pam_rootok/pam_rootok.8.xml: New.
* modules/pam_rootok/pam_rootok.8: New, generated from xml file.
* modules/pam_rootok/README.xml: New.
* modules/pam_rootok/README: Regenerated from xml file.
Diffstat (limited to 'modules/pam_rootok/README')
| -rw-r--r-- | modules/pam_rootok/README | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/modules/pam_rootok/README b/modules/pam_rootok/README index cccb5ce1..55a44756 100644 --- a/modules/pam_rootok/README +++ b/modules/pam_rootok/README @@ -1,18 +1,33 @@ -# $Id$ -# +pam_rootok — Gain only root access -this module is an authentication module that performs one task: if the -id of the user is '0' then it returns 'PAM_SUCCESS' with the -'sufficient' /etc/pam.conf control flag it can be used to allow -password free access to some service for 'root' +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -Recognized arguments: +DESCRIPTION - debug write a message to syslog indicating success or - failure. +pam_rootok is a PAM module that authenticates the user if their UID is 0. +Applications that are created setuid-root generally retain the UID of the user +but run with the authority of an enhanced effective-UID. It is the real UID +that is checked. -module services provided: +OPTIONS - auth _authentication and _setcred (blank) +debug + + Print debug information. + +EXAMPLES + +In the case of the su(1) application the historical usage is to permit the +superuser to adopt the identity of a lesser user without the use of a password. +To obtain this behavior with PAM the following pair of lines are needed for the +corresponding entry in the /etc/pam.d/su configuration file: + +# su authentication. Root is granted access by default. +auth sufficient pam_rootok.so +auth required pam_unix.so + + +AUTHOR + +pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>. -Andrew Morgan |