summaryrefslogtreecommitdiff
path: root/modules/pam_rootok/pam_rootok.8
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_rootok/pam_rootok.8')
-rw-r--r--modules/pam_rootok/pam_rootok.8105
1 files changed, 105 insertions, 0 deletions
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8
new file mode 100644
index 00000000..a2c6a4d0
--- /dev/null
+++ b/modules/pam_rootok/pam_rootok.8
@@ -0,0 +1,105 @@
+'\" t
+.\" Title: pam_rootok
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 04/01/2016
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_ROOTOK" "8" "04/01/2016" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_rootok \- Gain only root access
+.SH "SYNOPSIS"
+.HP \w'\fBpam_rootok\&.so\fR\ 'u
+\fBpam_rootok\&.so\fR [debug]
+.SH "DESCRIPTION"
+.PP
+pam_rootok is a PAM module that authenticates the user if their
+\fIUID\fR
+is
+\fI0\fR\&. Applications that are created setuid\-root generally retain the
+\fIUID\fR
+of the user but run with the authority of an enhanced effective\-UID\&. It is the real
+\fIUID\fR
+that is checked\&.
+.SH "OPTIONS"
+.PP
+\fBdebug\fR
+.RS 4
+Print debug information\&.
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+The
+\fBauth\fR,
+\fBacct\fR
+and
+\fBpassword\fR
+module types are provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_SUCCESS
+.RS 4
+The
+\fIUID\fR
+is
+\fI0\fR\&.
+.RE
+.PP
+PAM_AUTH_ERR
+.RS 4
+The
+\fIUID\fR
+is
+\fBnot\fR\fI0\fR\&.
+.RE
+.SH "EXAMPLES"
+.PP
+In the case of the
+\fBsu\fR(1)
+application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\&. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
+/etc/pam\&.d/su
+configuration file:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# su authentication\&. Root is granted access by default\&.
+auth sufficient pam_rootok\&.so
+auth required pam_unix\&.so
+
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+.SH "SEE ALSO"
+.PP
+\fBsu\fR(1),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.