path: root/modules/pam_wheel/pam_wheel.8
diff options
Diffstat (limited to 'modules/pam_wheel/pam_wheel.8')
1 files changed, 101 insertions, 0 deletions
diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8
new file mode 100644
index 00000000..aaecc1a5
--- /dev/null
+++ b/modules/pam_wheel/pam_wheel.8
@@ -0,0 +1,101 @@
+.\" Title: pam_wheel
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <>
+.\" Date: 06/09/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.TH "PAM_WHEEL" "8" "06/09/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.\" disable justification (adjust text to left margin only) l
+pam_wheel \- Only permit root access to members of group wheel
+.HP 13
+\\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
+The pam_wheel PAM module is used to enforce the so\-called
+group. By default it permits root access to the system if the applicant user is a member of the
+group. If no group with this name exist, the module is using the group with the group\-ID
+.TP 3n
+Print debug information.
+.TP 3n
+Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the
+option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless
+was also specified, in which case we return PAM_SUCCESS).
+.TP 3n
+Instead of checking the wheel or GID 0 groups, use the
+group to perform the authentification.
+.TP 3n
+The check for wheel membership is done only.
+.TP 3n
+The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd).
+.TP 3n
+The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example).
+services are supported.
+.TP 3n
+Authentication failure.
+.TP 3n
+Memory buffer error.
+.TP 3n
+The return value should be ignored by PAM dispatch.
+.TP 3n
+Permission denied.
+.TP 3n
+Cannot determine the user name.
+.TP 3n
+.TP 3n
+User not known.
+The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants.
+.RS 3n
+su auth sufficient
+su auth required
+su auth required
+pam_wheel was written by Cristian Gafton <>.