From 030053679f75622b3c56f0161f6440344cac657f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 2 Jun 2006 15:59:25 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- Convert manual page to XML and make it look like the other ones --- modules/pam_localuser/Makefile.am | 10 +- modules/pam_localuser/README | 55 +++++++--- modules/pam_localuser/README.xml | 41 +++++++ modules/pam_localuser/pam_localuser.8 | 108 ++++++++++++------ modules/pam_localuser/pam_localuser.8.xml | 175 ++++++++++++++++++++++++++++++ 5 files changed, 337 insertions(+), 52 deletions(-) create mode 100644 modules/pam_localuser/README.xml create mode 100644 modules/pam_localuser/pam_localuser.8.xml (limited to 'modules/pam_localuser') diff --git a/modules/pam_localuser/Makefile.am b/modules/pam_localuser/Makefile.am index bd5b29ce..ae331755 100644 --- a/modules/pam_localuser/Makefile.am +++ b/modules/pam_localuser/Makefile.am @@ -4,11 +4,12 @@ CLEANFILES = *~ -EXTRA_DIST = README ${MANS} tst-pam_localuser +EXTRA_DIST = README ${MANS} $(XMLS) tst-pam_localuser TESTS = tst-pam_localuser man_MANS = pam_localuser.8 +XMLS = README.xml pam_localuser.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) @@ -21,3 +22,10 @@ if HAVE_VERSIONING endif securelib_LTLIBRARIES = pam_localuser.la + +if ENABLE_REGENERATE_MAN +noinst_DATA = README +README: pam_localuser.8.xml +-include $(top_srcdir)/Make.xml.rules +endif + diff --git a/modules/pam_localuser/README b/modules/pam_localuser/README index b8cdf524..50663ead 100644 --- a/modules/pam_localuser/README +++ b/modules/pam_localuser/README @@ -1,17 +1,38 @@ -pam_localuser: - Succeeds iff the PAM_USER is listed in /etc/passwd. This seems to be a - common policy need (allowing only a subset of network-wide users, and - any locally-defined users, to access services). Simpler than using - awk to generate a file for use with pam_listfile (-F: '{print $1}'), - I guess. - -RECOGNIZED ARGUMENTS: - debug write debugging messages to syslog - file=FILE scan FILE instead of /etc/passwd - -MODULE SERVICES PROVIDED: - auth,account scan the FILE (/etc/passwd by default) and return - a success code if an entry is found for the user - -AUTHOR: - Nalin Dahyabhai +pam_localuser — require users to be listed in /etc/passwd + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +pam_localuser is a PAM module to help implementing site-wide login policies, +where they typically include a subset of the network's users and a few accounts +that are local to a particular workstation. Using pam_localuser and pam_wheel +or pam_listfile is an effective way to restrict access to either local users +and/or a subset of the network's users. + +This could also be implemented using pam_listfile.so and a very short awk +script invoked by cron, but it's common enough to have been separated out. + +OPTIONS + +debug + + Print debug information. + +file=/path/passwd + + Use a file other than /etc/passwd. + +EXAMPLES + +Add the following line to /etc/pam.d/su to allow only local users in group +wheel to use su. + +account sufficient pam_localuser.so +account required pam_wheel.so + + +AUTHOR + +pam_localuser was written by Nalin Dahyabhai . + diff --git a/modules/pam_localuser/README.xml b/modules/pam_localuser/README.xml new file mode 100644 index 00000000..4ab56d9d --- /dev/null +++ b/modules/pam_localuser/README.xml @@ -0,0 +1,41 @@ + + +--> +]> + +
+ + + + + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_localuser.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_localuser-name"]/*)'/> + + + + +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8 index ce0a9465..eafe981f 100644 --- a/modules/pam_localuser/pam_localuser.8 +++ b/modules/pam_localuser/pam_localuser.8 @@ -1,36 +1,76 @@ -.\" Copyright 2000 Red Hat, Inc. -.TH pam_localuser 8 2000/7/21 "Red Hat" "System Administrator's Manual" - -.SH NAME +.\" Title: pam_localuser +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: 06/02/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual +.\" +.TH "PAM_LOCALUSER" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" pam_localuser \- require users to be listed in /etc/passwd +.SH "SYNOPSIS" +.HP 17 +\fBpam_localuser.so\fR [debug] [file=\fI/path/passwd\fR] +.SH "DESCRIPTION" +.PP +pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users. +.PP +This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out. +.SH "OPTIONS" +.PP +.TP 3n +\fBdebug\fR +Print debug information. +.TP 3n +\fBfile=\fR\fB\fI/path/passwd\fR\fR +Use a file other than +\fI/etc/passwd\fR. +.SH "MODULE SERVICES PROVIDED" +.PP +The +\fBauth\fR +and +\fBaccount\fR +services are supported. +.SH "RETURN VALUES" +.PP +.TP 3n +PAM_SUCCESS +The new localuser was set successfull. +.TP 3n +PAM_SERVICE_ERR +No username was given. +.TP 3n +PAM_USER_UNKNOWN +User not known. +.SH "EXAMPLES" +.PP +Add the following line to +\fI/etc/pam.d/su\fR +to allow only local users in group wheel to use su. +.sp +.RS 3n +.nf +account sufficient pam_localuser.so +account required pam_wheel.so + +.fi +.RE +.sp +.SH "FILES" +.TP 3n +\fI/etc/passwd\fR +Local user account information. +.SH "SEE ALSO" +.PP -.SH SYNOPSIS -.B account sufficient /lib/security/pam_localuser.so \fIargs\fP -.br -.B account required /lib/security/pam_wheel.so group=devel - -.SH DESCRIPTION -pam_localuser.so exists to help implement site-wide login policies, where -they typically include a subset of the network's users and a few accounts -that are local to a particular workstation. Using pam_localuser.so and -pam_wheel.so or pam_listfile.so is an effective way to restrict access to -either local users and/or a subset of the network's users. - -This could also be implemented using pam_listfile.so and a very short awk -script invoked by cron, but it's common enough to have been separated out. - -.SH ARGUMENTS -.IP debug -turns on debugging -.IP file=\fBFILE\fP -uses a file other than \fB/etc/passwd\fP. - -.SH FILES -/etc/passwd - -.SH BUGS -Let's hope not, but if you find any, please report them via the "Bug Track" -link at http://bugzilla.redhat.com/bugzilla/ - -.SH AUTHOR -Nalin Dahyabhai +\fBpam.conf\fR(5), +\fBpam.d\fR(8), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_localuser was written by Nalin Dahyabhai . diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml new file mode 100644 index 00000000..f48c041d --- /dev/null +++ b/modules/pam_localuser/pam_localuser.8.xml @@ -0,0 +1,175 @@ + + + + + + + pam_localuser + 8 + Linux-PAM Manual + + + + pam_localuser + require users to be listed in /etc/passwd + + + + + pam_localuser.so + + debug + + + file=/path/passwd + + + + + + + DESCRIPTION + + + pam_localuser is a PAM module to help implementing site-wide login + policies, where they typically include a subset of the network's + users and a few accounts that are local to a particular workstation. + Using pam_localuser and pam_wheel or pam_listfile is an effective + way to restrict access to either local users and/or a subset of the + network's users. + + + This could also be implemented using pam_listfile.so and a very + short awk script invoked by cron, but it's common enough to have + been separated out. + + + + + + + OPTIONS + + + + + + + + + + Print debug information. + + + + + + + + + + + Use a file other than /etc/passwd. + + + + + + + + + + + MODULE SERVICES PROVIDED + + The auth and + account services are supported. + + + + + RETURN VALUES + + + + + PAM_SUCCESS + + + The new localuser was set successfull. + + + + + + PAM_SERVICE_ERR + + + No username was given. + + + + + + PAM_USER_UNKNOWN + + + User not known. + + + + + + + + + + EXAMPLES + + Add the following line to /etc/pam.d/su to + allow only local users in group wheel to use su. + +account sufficient pam_localuser.so +account required pam_wheel.so + + + + + + FILES + + + /etc/passwd + + Local user account information. + + + + + + + SEE ALSO + + + pam.conf5 + , + + pam.d8 + , + + pam8 + + + + + + AUTHOR + + pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>. + + + + + -- cgit v1.2.3