summaryrefslogtreecommitdiff
path: root/modules/pam_sepermit/pam_sepermit.8
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_sepermit/pam_sepermit.8')
-rw-r--r--modules/pam_sepermit/pam_sepermit.8240
1 files changed, 208 insertions, 32 deletions
diff --git a/modules/pam_sepermit/pam_sepermit.8 b/modules/pam_sepermit/pam_sepermit.8
index 40486668..6b53e4ff 100644
--- a/modules/pam_sepermit/pam_sepermit.8
+++ b/modules/pam_sepermit/pam_sepermit.8
@@ -1,104 +1,280 @@
.\" Title: pam_sepermit
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SEPERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SEPERMIT" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_sepermit - PAM module to allow/deny login depending on SELinux enforcement state
-.SH "SYNOPSIS"
-.HP 16
-\fBpam_sepermit\.so\fR [debug] [conf=\fI/path/to/config/file\fR]
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_sepermit \- PAM module to allow/deny login depending on SELinux enforcement state
+.SH "Synopsis"
+.fam C
+.HP \w'\fBpam_sepermit\&.so\fR\ 'u
+\fBpam_sepermit\&.so\fR [debug] [conf=\fI/path/to/config/file\fR]
+.fam
.SH "DESCRIPTION"
.PP
-The pam_sepermit module allows or denies login depending on SELinux enforcement state\.
+The pam_sepermit module allows or denies login depending on SELinux enforcement state\&.
.PP
-When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\. Otherwise he is denied access\. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\.
+When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\&. Otherwise he is denied access\&. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\&.
.PP
-The config file contains a simple list of user names one per line\. If the
+The config file contains a simple list of user names one per line\&. If the
\fIname\fR
is prefixed with
\fI@\fR
character it means that all users in the group
\fIname\fR
-match\. If it is prefixed with a
+match\&. If it is prefixed with a
\fI%\fR
character the SELinux user is used to match against the
\fIname\fR
-instead of the account name\. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\.
+instead of the account name\&. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\&. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\&.
.PP
Each user name in the configuration file can have optional arguments separated by
\fI:\fR
-character\. The only currently recognized argument is
-\fIexclusive\fR\. The pam_sepermit module will allow only single concurrent user session for the user with this argument specified and it will attempt to kill all processes of the user after logout\.
+character\&. The only currently recognized argument is
+\fIexclusive\fR\&. The pam_sepermit module will allow only single concurrent user session for the user with this argument specified and it will attempt to kill all processes of the user after logout\&.
.SH "OPTIONS"
.PP
\fBdebug\fR
.RS 4
Turns on debugging via
-\fBsyslog\fR(3)\.
+\fBsyslog\fR(3)\&.
.RE
.PP
\fBconf=\fR\fB\fI/path/to/config/file\fR\fR
.RS 4
-Path to alternative config file overriding the default\.
+Path to alternative config file overriding the default\&.
.RE
-.SH "MODULE SERVICES PROVIDED"
+.SH "MODULE TYPES PROVIDED"
.PP
-Only the
+The
\fBauth\fR
and
\fBaccount\fR
-services are supported\.
+module types are provided\&.
.SH "RETURN VALUES"
.PP
PAM_AUTH_ERR
.RS 4
-SELinux is disabled or in the permissive mode and the user matches\.
+SELinux is disabled or in the permissive mode and the user matches\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-SELinux is in the enforcing mode and the user matches\.
+SELinux is in the enforcing mode and the user matches\&.
.RE
.PP
PAM_IGNORE
.RS 4
-The user does not match any entry in the config file\.
+The user does not match any entry in the config file\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-The module was unable to determine the user\'s name\.
+The module was unable to determine the user\'s name\&.
.RE
.PP
PAM_SERVICE_ERR
.RS 4
-Error during reading or parsing the config file\.
+Error during reading or parsing the config file\&.
.RE
.SH "FILES"
.PP
-\fI/etc/security/sepermit\.conf\fR
+\FC/etc/security/sepermit\&.conf\F[]
.RS 4
Default configuration file
.RE
.SH "EXAMPLES"
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
-auth [success=done ignore=ignore default=bad] pam_sepermit\.so
-auth required pam_unix\.so
-account required pam_unix\.so
-session required pam_permit\.so
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+auth [success=done ignore=ignore default=bad] pam_sepermit\&.so
+auth required pam_unix\&.so
+account required pam_unix\&.so
+session required pam_permit\&.so
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.SH "SEE ALSO"
.PP
@@ -107,4 +283,4 @@ session required pam_permit\.so
\fBpam\fR(8)
.SH "AUTHOR"
.PP
-pam_sepermit was written by Tomas Mraz <tmraz@redhat\.com>\.
+pam_sepermit was written by Tomas Mraz <tmraz@redhat\&.com>\&.
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 04:11:35 +0000