summaryrefslogtreecommitdiff
path: root/modules/pam_wheel/pam_wheel.8
diff options
context:
space:
mode:
authorSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 16:26:05 -0800
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:26:38 -0800
commit9c52e721044e7501c3d4567b36d222dc7326224a (patch)
tree9011790770130c60a712a6f125ad50d60e07cc74 /modules/pam_wheel/pam_wheel.8
parent9727ff2a3fa0e94a42b34a579027bacf4146d571 (diff)
parent186ff16e8d12ff15d518000c17f115ccab5275a4 (diff)
New upstream version 1.0.1
Diffstat (limited to 'modules/pam_wheel/pam_wheel.8')
-rw-r--r--modules/pam_wheel/pam_wheel.8127
1 files changed, 127 insertions, 0 deletions
diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8
new file mode 100644
index 00000000..f1c63dac
--- /dev/null
+++ b/modules/pam_wheel/pam_wheel.8
@@ -0,0 +1,127 @@
+.\" Title: pam_wheel
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 04/16/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\"
+.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_wheel - Only permit root access to members of group wheel
+.SH "SYNOPSIS"
+.HP 13
+\fBpam_wheel\.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
+.SH "DESCRIPTION"
+.PP
+The pam_wheel PAM module is used to enforce the so\-called
+\fIwheel\fR
+group\. By default it permits root access to the system if the applicant user is a member of the
+\fIwheel\fR
+group\. If no group with this name exist, the module is using the group with the group\-ID
+\fB0\fR\.
+.SH "OPTIONS"
+.PP
+\fBdebug\fR
+.RS 4
+Print debug information\.
+.RE
+.PP
+\fBdeny\fR
+.RS 4
+Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the
+\fBgroup\fR
+option), deny access\. Conversely, if the user is not in the group, return PAM_IGNORE (unless
+\fBtrust\fR
+was also specified, in which case we return PAM_SUCCESS)\.
+.RE
+.PP
+\fBgroup=\fR\fB\fIname\fR\fR
+.RS 4
+Instead of checking the wheel or GID 0 groups, use the
+\fB\fIname\fR\fR
+group to perform the authentication\.
+.RE
+.PP
+\fBroot_only\fR
+.RS 4
+The check for wheel membership is done only\.
+.RE
+.PP
+\fBtrust\fR
+.RS 4
+The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\.
+.RE
+.PP
+\fBuse_uid\fR
+.RS 4
+The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\.
+.RE
+.SH "MODULE SERVICES PROVIDED"
+.PP
+The
+\fBauth\fR
+and
+\fBaccount\fR
+services are supported\.
+.SH "RETURN VALUES"
+.PP
+PAM_AUTH_ERR
+.RS 4
+Authentication failure\.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+The return value should be ignored by PAM dispatch\.
+.RE
+.PP
+PAM_PERM_DENY
+.RS 4
+Permission denied\.
+.RE
+.PP
+PAM_SERVICE_ERR
+.RS 4
+Cannot determine the user name\.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Success\.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+User not known\.
+.RE
+.SH "EXAMPLES"
+.PP
+The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\.
+.sp
+.RS 4
+.nf
+su auth sufficient pam_rootok\.so
+su auth required pam_wheel\.so
+su auth required pam_unix\.so
+
+.fi
+.RE
+.sp
+.SH "SEE ALSO"
+.PP
+
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_wheel was written by Cristian Gafton <gafton@redhat\.com>\.