diff options
Diffstat (limited to 'Linux-PAM/modules/pam_group/pam_group.8.xml')
-rw-r--r-- | Linux-PAM/modules/pam_group/pam_group.8.xml | 162 |
1 files changed, 0 insertions, 162 deletions
diff --git a/Linux-PAM/modules/pam_group/pam_group.8.xml b/Linux-PAM/modules/pam_group/pam_group.8.xml deleted file mode 100644 index f7488fb3..00000000 --- a/Linux-PAM/modules/pam_group/pam_group.8.xml +++ /dev/null @@ -1,162 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - -<refentry id='pam_group'> - - <refmeta> - <refentrytitle>pam_group</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id='pam_group-name'> - <refname>pam_group</refname> - <refpurpose> - PAM module for group access - </refpurpose> - </refnamediv> - -<!-- body begins here --> - - <refsynopsisdiv> - <cmdsynopsis id="pam_group-cmdsynopsis"> - <command>pam_group.so</command> - </cmdsynopsis> - </refsynopsisdiv> - - - <refsect1 id="pam_group-description"> - <title>DESCRIPTION</title> - <para> - The pam_group PAM module does not authenticate the user, but instead - it grants group memberships (in the credential setting phase of the - authentication module) to the user. Such memberships are based on the - service they are applying for. - </para> - <para> - By default rules for group memberships are taken from config file - <filename>/etc/security/group.conf</filename>. - </para> - <para> - This module's usefulness relies on the file-systems - accessible to the user. The point being that once granted the - membership of a group, the user may attempt to create a - <function>setgid</function> binary with a restricted group ownership. - Later, when the user is not given membership to this group, they can - recover group membership with the precompiled binary. The reason that - the file-systems that the user has access to are so significant, is the - fact that when a system is mounted <emphasis>nosuid</emphasis> the user - is unable to create or execute such a binary file. For this module to - provide any level of security, all file-systems that the user has write - access to should be mounted <emphasis>nosuid</emphasis>. - </para> - <para> - The pam_group module fuctions in parallel with the - <filename>/etc/group</filename> file. If the user is granted any groups - based on the behavior of this module, they are granted - <emphasis>in addition</emphasis> to those entries - <filename>/etc/group</filename> (or equivalent). - </para> - </refsect1> - - <refsect1 id="pam_group-options"> - <title>OPTIONS</title> - <para>This module does not recognise any options.</para> - </refsect1> - - <refsect1 id="pam_group-services"> - <title>MODULE SERVICES PROVIDED</title> - <para> - Only the <option>auth</option> service is supported. - </para> - </refsect1> - - <refsect1 id="pam_group-return_values"> - <title>RETURN VALUES</title> - <variablelist> - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para> - group membership was granted. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_ABORT</term> - <listitem> - <para> - Not all relevant data could be gotten. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_BUF_ERR</term> - <listitem> - <para> - Memory buffer error. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_CRED_ERR</term> - <listitem> - <para> - Group membership was not granted. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_IGNORE</term> - <listitem> - <para> - <function>pam_sm_authenticate</function> was called which does nothing. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_USER_UNKNOWN</term> - <listitem> - <para> - The user is not known to the system. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id="pam_group-files"> - <title>FILES</title> - <variablelist> - <varlistentry> - <term><filename>/etc/security/group.conf</filename></term> - <listitem> - <para>Default configuration file</para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id="pam_group-see_also"> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>group.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>. - </para> - </refsect1> - - <refsect1 id="pam_group-authors"> - <title>AUTHORS</title> - <para> - pam_group was written by Andrew G. Morgan <morgan@kernel.org>. - </para> - </refsect1> -</refentry> |