summaryrefslogtreecommitdiff
path: root/modules/pam_rootok/pam_rootok.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_rootok/pam_rootok.8.xml')
-rw-r--r--modules/pam_rootok/pam_rootok.8.xml130
1 files changed, 130 insertions, 0 deletions
diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml
new file mode 100644
index 00000000..ec8dee43
--- /dev/null
+++ b/modules/pam_rootok/pam_rootok.8.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_rootok">
+
+ <refmeta>
+ <refentrytitle>pam_rootok</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_rootok-name">
+ <refname>pam_rootok</refname>
+ <refpurpose>Gain only root access</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_rootok-cmdsynopsis">
+ <command>pam_rootok.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_rootok-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ pam_rootok is a PAM module that authenticates the user if their
+ <emphasis>UID</emphasis> is <emphasis>0</emphasis>.
+ Applications that are created setuid-root generally retain the
+ <emphasis>UID</emphasis> of the user but run with the authority
+ of an enhanced effective-UID. It is the real <emphasis>UID</emphasis>
+ that is checked.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_rootok-options">
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Print debug information.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_rootok-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ Only the <option>auth</option> service is supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_rootok-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The <emphasis>UID</emphasis> is <emphasis>0</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ The <emphasis>UID</emphasis> is <emphasis remap='B'>not</emphasis>
+ <emphasis>0</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_rootok-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ In the case of the <citerefentry>
+ <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry> application the historical usage is to
+ permit the superuser to adopt the identity of a lesser user
+ without the use of a password. To obtain this behavior with PAM
+ the following pair of lines are needed for the corresponding entry
+ in the <filename>/etc/pam.d/su</filename> configuration file:
+ <programlisting>
+# su authentication. Root is granted access by default.
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+ </programlisting>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_rootok-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_rootok-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_rootok was written by Andrew G. Morgan, &lt;morgan@kernel.org&gt;.
+ </para>
+ </refsect1>
+
+</refentry>
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 07:05:44 +0000