diff options
Diffstat (limited to 'modules/pam_wheel/pam_wheel.8')
-rw-r--r-- | modules/pam_wheel/pam_wheel.8 | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8 index d59ee467..ca687e59 100644 --- a/modules/pam_wheel/pam_wheel.8 +++ b/modules/pam_wheel/pam_wheel.8 @@ -1,13 +1,13 @@ '\" t .\" Title: pam_wheel .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/18/2017 +.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +.\" Date: 09/13/2023 .\" Manual: Linux-PAM Manual -.\" Source: Linux-PAM Manual +.\" Source: Linux-PAM .\" Language: English .\" -.TH "PAM_WHEEL" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_WHEEL" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -31,23 +31,23 @@ pam_wheel \- Only permit root access to members of group wheel .SH "SYNOPSIS" .HP \w'\fBpam_wheel\&.so\fR\ 'u -\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] +\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] .SH "DESCRIPTION" .PP The pam_wheel PAM module is used to enforce the so\-called \fIwheel\fR -group\&. By default it permits root access to the system if the applicant user is a member of the +group\&. By default it permits access to the target user if the applicant user is a member of the \fIwheel\fR group\&. If no group with this name exist, the module is using the group with the group\-ID \fB0\fR\&. .SH "OPTIONS" .PP -\fBdebug\fR +debug .RS 4 Print debug information\&. .RE .PP -\fBdeny\fR +deny .RS 4 Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the \fBgroup\fR @@ -56,27 +56,22 @@ option), deny access\&. Conversely, if the user is not in the group, return PAM_ was also specified, in which case we return PAM_SUCCESS)\&. .RE .PP -\fBgroup=\fR\fB\fIname\fR\fR +group=name .RS 4 Instead of checking the wheel or GID 0 groups, use the \fB\fIname\fR\fR group to perform the authentication\&. .RE .PP -\fBroot_only\fR +root_only .RS 4 The check for wheel membership is done only when the target user UID is 0\&. .RE .PP -\fBtrust\fR +trust .RS 4 The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. .RE -.PP -\fBuse_uid\fR -.RS 4 -The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&. -.RE .SH "MODULE TYPES PROVIDED" .PP The @@ -141,7 +136,7 @@ su auth required pam_unix\&.so .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&. |