diff options
author | Serghei Anicheev <serghei.anicheev@gmail.com> | 2020-02-18 21:07:02 +1100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-18 11:07:02 +0100 |
commit | f07a873240de53e07897d4ef9d1d3fd0c28fe7bb (patch) | |
tree | de3502f32098fc8e723522af05ba3d63c9a490e1 /modules/pam_succeed_if/pam_succeed_if.8.xml | |
parent | a96e66f788b1460a8ef4c2883207d4474b829d10 (diff) |
pam_succeed_if: Add list support for group membership checks
Examples:
account requisite pam_succeed_if.so user ingroup group1:group2
OR
account requisite pam_succeed_if.so user notingroup group1:group2
OR
account requisite pam_succeed_if.so user ingroup wheel
OR
account requisite pam_succeed_if.so user notingroup wheel
Can be very convenient to grant access based on complex group memberships (LDAP, etc)
Diffstat (limited to 'modules/pam_succeed_if/pam_succeed_if.8.xml')
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.8.xml | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index 7bdcb024..14d939a3 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -198,15 +198,15 @@ </listitem> </varlistentry> <varlistentry> - <term><option>user ingroup group</option></term> + <term><option>user ingroup group[:group:....]</option></term> <listitem> - <para>User is in given group.</para> + <para>User is in given group(s).</para> </listitem> </varlistentry> <varlistentry> - <term><option>user notingroup group</option></term> + <term><option>user notingroup group[:group:....]</option></term> <listitem> - <para>User is not in given group.</para> + <para>User is not in given group(s).</para> </listitem> </varlistentry> <varlistentry> @@ -271,10 +271,10 @@ <title>EXAMPLES</title> <para> To emulate the behaviour of <emphasis>pam_wheel</emphasis>, except - there is no fallback to group 0: + there is no fallback to group 0 being only approximated by checking also the root group membership: </para> <programlisting> -auth required pam_succeed_if.so quiet user ingroup wheel +auth required pam_succeed_if.so quiet user ingroup wheel:root </programlisting> <para> |