summaryrefslogtreecommitdiff
path: root/Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml')
-rw-r--r--Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml189
1 files changed, 0 insertions, 189 deletions
diff --git a/Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml b/Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml
deleted file mode 100644
index c2546b62..00000000
--- a/Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml
+++ /dev/null
@@ -1,189 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_sepermit">
-
- <refmeta>
- <refentrytitle>pam_sepermit</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_sepermit-name">
- <refname>pam_sepermit</refname>
- <refpurpose>PAM module to allow/deny login depending on SELinux enforcement state</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_sepermit-cmdsynopsis">
- <command>pam_sepermit.so</command>
- <arg choice="opt">
- debug
- </arg>
- <arg choice="opt">
- conf=<replaceable>/path/to/config/file</replaceable>
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_sepermit-description">
- <title>DESCRIPTION</title>
- <para>
- The pam_sepermit module allows or denies login depending on SELinux
- enforcement state.
- </para>
- <para>
- When the user which is logging in matches an entry in the config file
- he is allowed access only when the SELinux is in enforcing mode. Otherwise
- he is denied access. For users not matching any entry in the config file
- the pam_sepermit module returns PAM_IGNORE return value.
- </para>
- <para>
- The config file contains a simple list of user names one per line. If the
- <replaceable>name</replaceable> is prefixed with <emphasis>@</emphasis> character it means that all
- users in the group <replaceable>name</replaceable> match. If it is prefixed
- with a <emphasis>%</emphasis> character the SELinux user is used to match against the <replaceable>name</replaceable>
- instead of the account name. Note that when SELinux is disabled the
- SELinux user assigned to the account cannot be determined. This means that
- such entries are never matched when SELinux is disabled and pam_sepermit
- will return PAM_IGNORE.
- </para>
- <para>
- Each user name in the configuration file can have optional arguments separated
- by <emphasis>:</emphasis> character. The only currently recognized argument is <emphasis>exclusive</emphasis>.
- The pam_sepermit module will allow only single concurrent user session for
- the user with this argument specified and it will attempt to kill all processes
- of the user after logout.
- </para>
- </refsect1>
-
- <refsect1 id="pam_sepermit-options">
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Turns on debugging via
- <citerefentry>
- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>conf=<replaceable>/path/to/config/file</replaceable></option>
- </term>
- <listitem>
- <para>
- Path to alternative config file overriding the default.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_sepermit-services">
- <title>MODULE SERVICES PROVIDED</title>
- <para>
- Only the <option>auth</option> and <option>account</option>
- services are supported.
- </para>
- </refsect1>
-
- <refsect1 id='pam_sepermit-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- SELinux is disabled or in the permissive mode and the user
- matches.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- SELinux is in the enforcing mode and the user matches.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_IGNORE</term>
- <listitem>
- <para>
- The user does not match any entry in the config file.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- The module was unable to determine the user's name.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SERVICE_ERR</term>
- <listitem>
- <para>
- Error during reading or parsing the config file.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_sepermit-files">
- <title>FILES</title>
- <variablelist>
- <varlistentry>
- <term><filename>/etc/security/sepermit.conf</filename></term>
- <listitem>
- <para>Default configuration file</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_sepermit-examples'>
- <title>EXAMPLES</title>
- <programlisting>
-auth [success=done ignore=ignore default=bad] pam_sepermit.so
-auth required pam_unix.so
-account required pam_unix.so
-session required pam_permit.so
- </programlisting>
- </refsect1>
-
- <refsect1 id='pam_sepermit-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_sepermit-author'>
- <title>AUTHOR</title>
- <para>
- pam_sepermit was written by Tomas Mraz &lt;tmraz@redhat.com&gt;.
- </para>
- </refsect1>
-
-</refentry>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-11 09:20:42 +0000