diff options
Diffstat (limited to 'modules/pam_rootok/pam_rootok.8')
| -rw-r--r-- | modules/pam_rootok/pam_rootok.8 | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8 new file mode 100644 index 00000000..a1f4cecf --- /dev/null +++ b/modules/pam_rootok/pam_rootok.8 @@ -0,0 +1,106 @@ +'\" t +.\" Title: pam_rootok +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 06/08/2020 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_ROOTOK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_rootok \- Gain only root access +.SH "SYNOPSIS" +.HP \w'\fBpam_rootok\&.so\fR\ 'u +\fBpam_rootok\&.so\fR [debug] +.SH "DESCRIPTION" +.PP +pam_rootok is a PAM module that authenticates the user if their +\fIUID\fR +is +\fI0\fR\&. Applications that are created setuid\-root generally retain the +\fIUID\fR +of the user but run with the authority of an enhanced effective\-UID\&. It is the real +\fIUID\fR +that is checked\&. +.SH "OPTIONS" +.PP +\fBdebug\fR +.RS 4 +Print debug information\&. +.RE +.SH "MODULE TYPES PROVIDED" +.PP +The +\fBauth\fR, +\fBaccount\fR +and +\fBpassword\fR +module types are provided\&. +.SH "RETURN VALUES" +.PP +PAM_SUCCESS +.RS 4 +The +\fIUID\fR +is +\fI0\fR\&. +.RE +.PP +PAM_AUTH_ERR +.RS 4 +The +\fIUID\fR +is +\fBnot\fR +\fI0\fR\&. +.RE +.SH "EXAMPLES" +.PP +In the case of the +\fBsu\fR(1) +application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\&. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the +/etc/pam\&.d/su +configuration file: +.sp +.if n \{\ +.RS 4 +.\} +.nf +# su authentication\&. Root is granted access by default\&. +auth sufficient pam_rootok\&.so +auth required pam_unix\&.so + +.fi +.if n \{\ +.RE +.\} +.sp +.SH "SEE ALSO" +.PP +\fBsu\fR(1), +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&. |