path: root/modules/pam_rootok/README
diff options
authorThorsten Kukuk <>2006-06-04 12:11:15 +0000
committerThorsten Kukuk <>2006-06-04 12:11:15 +0000
commit5ab868cf378dd507deb5d65d48adab2cfaec2472 (patch)
treeba57cf3de1c4686537497ce189c90f3f873d599a /modules/pam_rootok/README
parent161f0b1576ce70384aeb006a1cdbc8a11971db0a (diff)
Relevant BUGIDs:
Purpose of commit: new feature Commit summary: --------------- 2006-06-04 Thorsten Kukuk <> * modules/pam_rootok/ Include Make.xml.rules. * modules/pam_rootok/pam_rootok.8.xml: New. * modules/pam_rootok/pam_rootok.8: New, generated from xml file. * modules/pam_rootok/README.xml: New. * modules/pam_rootok/README: Regenerated from xml file.
Diffstat (limited to 'modules/pam_rootok/README')
1 files changed, 27 insertions, 12 deletions
diff --git a/modules/pam_rootok/README b/modules/pam_rootok/README
index cccb5ce1..55a44756 100644
--- a/modules/pam_rootok/README
+++ b/modules/pam_rootok/README
@@ -1,18 +1,33 @@
-# $Id$
+pam_rootok — Gain only root access
-this module is an authentication module that performs one task: if the
-id of the user is '0' then it returns 'PAM_SUCCESS' with the
-'sufficient' /etc/pam.conf control flag it can be used to allow
-password free access to some service for 'root'
-Recognized arguments:
- debug write a message to syslog indicating success or
- failure.
+pam_rootok is a PAM module that authenticates the user if their UID is 0.
+Applications that are created setuid-root generally retain the UID of the user
+but run with the authority of an enhanced effective-UID. It is the real UID
+that is checked.
-module services provided:
- auth _authentication and _setcred (blank)
+ Print debug information.
+In the case of the su(1) application the historical usage is to permit the
+superuser to adopt the identity of a lesser user without the use of a password.
+To obtain this behavior with PAM the following pair of lines are needed for the
+corresponding entry in the /etc/pam.d/su configuration file:
+# su authentication. Root is granted access by default.
+auth sufficient
+auth required
+pam_rootok was written by Andrew G. Morgan, <>.
-Andrew Morgan