summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_rootok/Makefile.am11
-rw-r--r--modules/pam_rootok/README39
-rw-r--r--modules/pam_rootok/README.xml41
-rw-r--r--modules/pam_rootok/pam_rootok.877
-rw-r--r--modules/pam_rootok/pam_rootok.8.xml130
5 files changed, 285 insertions, 13 deletions
diff --git a/modules/pam_rootok/Makefile.am b/modules/pam_rootok/Makefile.am
index f8e2d9c7..7a97f20f 100644
--- a/modules/pam_rootok/Makefile.am
+++ b/modules/pam_rootok/Makefile.am
@@ -4,7 +4,10 @@
CLEANFILES = *~
-EXTRA_DIST = README tst-pam_rootok
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rootok
+
+man_MANS = pam_rootok.8
+XMLS = README.xml pam_rootok.8.xml
TESTS = tst-pam_rootok
@@ -22,3 +25,9 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_rootok.la
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_rootok.8.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_rootok/README b/modules/pam_rootok/README
index cccb5ce1..55a44756 100644
--- a/modules/pam_rootok/README
+++ b/modules/pam_rootok/README
@@ -1,18 +1,33 @@
-# $Id$
-#
+pam_rootok — Gain only root access
-this module is an authentication module that performs one task: if the
-id of the user is '0' then it returns 'PAM_SUCCESS' with the
-'sufficient' /etc/pam.conf control flag it can be used to allow
-password free access to some service for 'root'
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-Recognized arguments:
+DESCRIPTION
- debug write a message to syslog indicating success or
- failure.
+pam_rootok is a PAM module that authenticates the user if their UID is 0.
+Applications that are created setuid-root generally retain the UID of the user
+but run with the authority of an enhanced effective-UID. It is the real UID
+that is checked.
-module services provided:
+OPTIONS
- auth _authentication and _setcred (blank)
+debug
+
+ Print debug information.
+
+EXAMPLES
+
+In the case of the su(1) application the historical usage is to permit the
+superuser to adopt the identity of a lesser user without the use of a password.
+To obtain this behavior with PAM the following pair of lines are needed for the
+corresponding entry in the /etc/pam.d/su configuration file:
+
+# su authentication. Root is granted access by default.
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+
+
+AUTHOR
+
+pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.
-Andrew Morgan
diff --git a/modules/pam_rootok/README.xml b/modules/pam_rootok/README.xml
new file mode 100644
index 00000000..6fb58cd0
--- /dev/null
+++ b/modules/pam_rootok/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_rootok.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_rootok.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rootok-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8
new file mode 100644
index 00000000..b1436f79
--- /dev/null
+++ b/modules/pam_rootok/pam_rootok.8
@@ -0,0 +1,77 @@
+.\" Title: pam_rootok
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/04/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_ROOTOK" "8" "06/04/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_rootok \- Gain only root access
+.SH "SYNOPSIS"
+.HP 14
+\fBpam_rootok.so\fR [debug]
+.SH "DESCRIPTION"
+.PP
+pam_rootok is a PAM module that authenticates the user if their
+\fIUID\fR
+is
+\fI0\fR. Applications that are created setuid\-root generally retain the
+\fIUID\fR
+of the user but run with the authority of an enhanced effective\-UID. It is the real
+\fIUID\fR
+that is checked.
+.SH "OPTIONS"
+.TP 3n
+\fBdebug\fR
+Print debug information.
+.SH "MODULE SERVICES PROVIDED"
+.PP
+Only the
+\fBauth\fR
+service is supported.
+.SH "RETURN VALUES"
+.TP 3n
+PAM_SUCCESS
+The
+\fIUID\fR
+is
+\fI0\fR.
+.TP 3n
+PAM_AUTH_ERR
+The
+\fIUID\fR
+is
+\fBnot\fR
+\fI0\fR.
+.SH "EXAMPLES"
+.PP
+In the case of the
+\fBsu\fR(1)
+application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
+\fI/etc/pam.d/su\fR
+configuration file:
+.sp
+.RS 3n
+.nf
+# su authentication. Root is granted access by default.
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+
+.fi
+.RE
+.sp
+.SH "SEE ALSO"
+.PP
+
+\fBsu\fR(1),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.
diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml
new file mode 100644
index 00000000..ec8dee43
--- /dev/null
+++ b/modules/pam_rootok/pam_rootok.8.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_rootok">
+
+ <refmeta>
+ <refentrytitle>pam_rootok</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_rootok-name">
+ <refname>pam_rootok</refname>
+ <refpurpose>Gain only root access</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_rootok-cmdsynopsis">
+ <command>pam_rootok.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_rootok-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ pam_rootok is a PAM module that authenticates the user if their
+ <emphasis>UID</emphasis> is <emphasis>0</emphasis>.
+ Applications that are created setuid-root generally retain the
+ <emphasis>UID</emphasis> of the user but run with the authority
+ of an enhanced effective-UID. It is the real <emphasis>UID</emphasis>
+ that is checked.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_rootok-options">
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Print debug information.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_rootok-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ Only the <option>auth</option> service is supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_rootok-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The <emphasis>UID</emphasis> is <emphasis>0</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ The <emphasis>UID</emphasis> is <emphasis remap='B'>not</emphasis>
+ <emphasis>0</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_rootok-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ In the case of the <citerefentry>
+ <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry> application the historical usage is to
+ permit the superuser to adopt the identity of a lesser user
+ without the use of a password. To obtain this behavior with PAM
+ the following pair of lines are needed for the corresponding entry
+ in the <filename>/etc/pam.d/su</filename> configuration file:
+ <programlisting>
+# su authentication. Root is granted access by default.
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+ </programlisting>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_rootok-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_rootok-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_rootok was written by Andrew G. Morgan, &lt;morgan@kernel.org&gt;.
+ </para>
+ </refsect1>
+
+</refentry>
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 15:53:04 +0000