path: root/modules/pam_succeed_if/pam_succeed_if.8.xml
diff options
authorSerghei Anicheev <>2020-02-18 21:07:02 +1100
committerGitHub <>2020-02-18 11:07:02 +0100
commitf07a873240de53e07897d4ef9d1d3fd0c28fe7bb (patch)
treede3502f32098fc8e723522af05ba3d63c9a490e1 /modules/pam_succeed_if/pam_succeed_if.8.xml
parenta96e66f788b1460a8ef4c2883207d4474b829d10 (diff)
pam_succeed_if: Add list support for group membership checks
Examples: account requisite user ingroup group1:group2 OR account requisite user notingroup group1:group2 OR account requisite user ingroup wheel OR account requisite user notingroup wheel Can be very convenient to grant access based on complex group memberships (LDAP, etc)
Diffstat (limited to 'modules/pam_succeed_if/pam_succeed_if.8.xml')
1 files changed, 6 insertions, 6 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml
index 7bdcb024..14d939a3 100644
--- a/modules/pam_succeed_if/pam_succeed_if.8.xml
+++ b/modules/pam_succeed_if/pam_succeed_if.8.xml
@@ -198,15 +198,15 @@
- <term><option>user ingroup group</option></term>
+ <term><option>user ingroup group[:group:....]</option></term>
- <para>User is in given group.</para>
+ <para>User is in given group(s).</para>
- <term><option>user notingroup group</option></term>
+ <term><option>user notingroup group[:group:....]</option></term>
- <para>User is not in given group.</para>
+ <para>User is not in given group(s).</para>
@@ -271,10 +271,10 @@
To emulate the behaviour of <emphasis>pam_wheel</emphasis>, except
- there is no fallback to group 0:
+ there is no fallback to group 0 being only approximated by checking also the root group membership:
-auth required quiet user ingroup wheel
+auth required quiet user ingroup wheel:root