diff options
Diffstat (limited to 'modules/pam_rootok/pam_rootok.8')
-rw-r--r-- | modules/pam_rootok/pam_rootok.8 | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8 new file mode 100644 index 00000000..83ea8c09 --- /dev/null +++ b/modules/pam_rootok/pam_rootok.8 @@ -0,0 +1,83 @@ +.\" Title: pam_rootok +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/> +.\" Date: 04/16/2008 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" +.TH "PAM_ROOTOK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pam_rootok - Gain only root access +.SH "SYNOPSIS" +.HP 14 +\fBpam_rootok\.so\fR [debug] +.SH "DESCRIPTION" +.PP +pam_rootok is a PAM module that authenticates the user if their +\fIUID\fR +is +\fI0\fR\. Applications that are created setuid\-root generally retain the +\fIUID\fR +of the user but run with the authority of an enhanced effective\-UID\. It is the real +\fIUID\fR +that is checked\. +.SH "OPTIONS" +.PP +\fBdebug\fR +.RS 4 +Print debug information\. +.RE +.SH "MODULE SERVICES PROVIDED" +.PP +Only the +\fBauth\fR +service is supported\. +.SH "RETURN VALUES" +.PP +PAM_SUCCESS +.RS 4 +The +\fIUID\fR +is +\fI0\fR\. +.RE +.PP +PAM_AUTH_ERR +.RS 4 +The +\fIUID\fR +is +\fBnot\fR +\fI0\fR\. +.RE +.SH "EXAMPLES" +.PP +In the case of the +\fBsu\fR(1) +application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the +\fI/etc/pam\.d/su\fR +configuration file: +.sp +.RS 4 +.nf +# su authentication\. Root is granted access by default\. +auth sufficient pam_rootok\.so +auth required pam_unix\.so + +.fi +.RE +.sp +.SH "SEE ALSO" +.PP + +\fBsu\fR(1), +\fBpam.conf\fR(5), +\fBpam.d\fR(8), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_rootok was written by Andrew G\. Morgan, <morgan@kernel\.org>\. |