From 45a3264ab12e4f59aebe4f7329c518e036fe7e11 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 4 Jun 2006 15:29:21 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2006-06-04 Thorsten Kukuk * modules/pam_securetty/Makefile.am: Include Make.xml.rules. * modules/pam_securetty/pam_securetty.8.xml: New. * modules/pam_securetty/pam_securetty.8: Regenerated from xml file. * modules/pam_securetty/README.xml: New. * modules/pam_securetty/README: Regenerated from xml file. --- modules/pam_securetty/Makefile.am | 9 +- modules/pam_securetty/README | 38 +++++-- modules/pam_securetty/README.xml | 41 ++++++++ modules/pam_securetty/pam_securetty.8 | 147 ++++++++++++-------------- modules/pam_securetty/pam_securetty.8.xml | 167 ++++++++++++++++++++++++++++++ 5 files changed, 314 insertions(+), 88 deletions(-) create mode 100644 modules/pam_securetty/README.xml create mode 100644 modules/pam_securetty/pam_securetty.8.xml (limited to 'modules/pam_securetty') diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am index 1562a937..ca97ef4d 100644 --- a/modules/pam_securetty/Makefile.am +++ b/modules/pam_securetty/Makefile.am @@ -4,11 +4,12 @@ CLEANFILES = *~ -EXTRA_DIST = README $(MANS) tst-pam_securetty +EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty TESTS = tst-pam_securetty man_MANS = pam_securetty.8 +XMLS = README.xml pam_securetty.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) @@ -21,3 +22,9 @@ if HAVE_VERSIONING endif securelib_LTLIBRARIES = pam_securetty.la + +if ENABLE_REGENERATE_MAN +noinst_DATA = README +README: pam_securetty.8.xml +-include $(top_srcdir)/Make.xml.rules +endif diff --git a/modules/pam_securetty/README b/modules/pam_securetty/README index 1df095c9..d4ee5f97 100644 --- a/modules/pam_securetty/README +++ b/modules/pam_securetty/README @@ -1,9 +1,33 @@ -pam_securetty: - Allows root logins only if the user is logging in on a - "secure" tty, as defined by the listing in /etc/securetty +pam_securetty — Limit root login to special devices - Also checks to make sure that /etc/securetty is a plain - file and not world writable. +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +pam_securetty is a PAM module that allows root logins only if the user is +logging in on a "secure" tty, as defined by the listing in /etc/securetty. +pam_securetty also checks to make sure that /etc/securetty is a plain file and +not world writable. + +This module has no effect on non-root users and requires that the application +fills in the PAM_TTY item correctly. + +For canonical usage, should be listed as a required authentication method +before any sufficient authentication methods. + +OPTIONS + +debug + + Print debug information. + +EXAMPLES + +auth required pam_securetty.so +auth required pam_unix.so + + +AUTHOR + +pam_securetty was written by Elliot Lee . - - Elliot Lee , Red Hat Software. - July 25, 1996. diff --git a/modules/pam_securetty/README.xml b/modules/pam_securetty/README.xml new file mode 100644 index 00000000..a8c098a0 --- /dev/null +++ b/modules/pam_securetty/README.xml @@ -0,0 +1,41 @@ + + +--> +]> + +
+ + + + + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_securetty.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_securetty-name"]/*)'/> + + + + +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8 index 2364a312..f72e611f 100644 --- a/modules/pam_securetty/pam_securetty.8 +++ b/modules/pam_securetty/pam_securetty.8 @@ -1,98 +1,85 @@ -.\" Copyright (C) 2003 International Business Machines Corp. -.\" This file is distributed according to the GNU General Public License. -.\" See the file COPYING in the top level source directory for details. +.\" Title: pam_securetty +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: 06/04/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual .\" -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "PAM_SECURETTY" 8 "2003-02-21" "Linux 2.4" "System Administrator's Manual" -.SH NAME -pam_securetty \- Limits root to logging in on devices listed in /etc/securetty -.SH "SYNOPSIS" +.TH "PAM_SECURETTY" "8" "06/04/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) .ad l -.hy 0 - -/usr/security/pam_securetty -.sp -.ad -.hy - +.SH "NAME" +pam_securetty \- Limit root login to special devices +.SH "SYNOPSIS" +.HP 17 +\fBpam_securetty.so\fR [debug] .SH "DESCRIPTION" - .PP -\fBpam_securetty\fR is a PAM module that allows root logins only if the -user is logging in on a "secure" tty, as defined by the listing in -\fI/etc/securetty\fR. -\fBpam_securetty\fR also checks to make sure that \fI/etc/securetty\fR +pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in +\fI/etc/securetty\fR. pam_securetty also checks to make sure that +\fI/etc/securetty\fR is a plain file and not world writable. - .PP -This module has no effect on non-root users. - -.SH "OPTIONS" +This module has no effect on non\-root users and requires that the application fills in the +\fBPAM_TTY\fR +item correctly. .PP -\fBpam_securetty\fR has no options. - -.SH "RETURN CODES" +For canonical usage, should be listed as a +\fBrequired\fR +authentication method before any +\fBsufficient\fR +authentication methods. +.SH "OPTIONS" +.TP 3n +\fBdebug\fR +Print debug information. +.SH "MODULE SERVICES PROVIDED" .PP -\fBpam_securetty\fR has the following return codes: -.TP +Only the +\fBauth\fR +service is supported. +.SH "RETURN VALUES" +.TP 3n PAM_SUCCESS -The user is allowed to continue authentication. -Either the user is not root, or the root user is trying to log in on -an acceptable device. - -.TP +The user is allowed to continue authentication. Either the user is not root, or the root user is trying to log in on an acceptable device. +.TP 3n PAM_AUTH_ERR -Authentication is rejected. -Either root is attempting to log in via an unacceptable device, -or the \fI/etc/securetty\fR file is world writable or not a normal file. - -.TP +Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the +\fI/etc/securetty\fR +file is world writable or not a normal file. +.TP 3n PAM_INCOMPLETE -An application error occurred. \fBpam_securetty\fR was not able to get -information it required from the application that called it. - -.TP +An application error occurred. pam_securetty was not able to get information it required from the application that called it. +.TP 3n PAM_SERVICE_ERR -An error occurred while the module was determining the user's name or tty, -or the module could not open \fI/etc/securetty\fR. - -.TP +An error occurred while the module was determining the user's name or tty, or the module could not open +\fI/etc/securetty\fR. +.TP 3n PAM_IGNORE -The module could not find the user name in the -\fI/etc/passwd\fR file to verify whether the user had a UID of 0. -Therefore, the results of running this module are ignored. - -.SH "HISTORY" - +The module could not find the user name in the +\fI/etc/passwd\fR +file to verify whether the user had a UID of 0. Therefore, the results of running this module are ignored. +.SH "EXAMPLES" .PP -\fBpam_securetty\fR was written by Elliot Lee. - -.SH "FILES" - -.PP - \fI/etc/securetty\fR +.sp +.RS 3n +.nf +auth required pam_securetty.so +auth required pam_unix.so + +.fi +.RE +.sp .SH "SEE ALSO" - .PP -\fBpam.conf\fR(8), \fBpam.d\fR(8), \fBpam\fR(8), \fBsecuretty\fR(8). -.SH AUTHOR -Emily Ratliff. +\fBsecuretty\fR(5), +\fBpam.conf\fR(5), +\fBpam.d\fR(8), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_securetty was written by Elliot Lee . diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml new file mode 100644 index 00000000..56348d78 --- /dev/null +++ b/modules/pam_securetty/pam_securetty.8.xml @@ -0,0 +1,167 @@ + + + + + + + pam_securetty + 8 + Linux-PAM Manual + + + + pam_securetty + Limit root login to special devices + + + + + pam_securetty.so + + debug + + + + + + + DESCRIPTION + + + pam_securetty is a PAM module that allows root logins only if the + user is logging in on a "secure" tty, as defined by the listing + in /etc/securetty. pam_securetty also checks + to make sure that /etc/securetty is a plain + file and not world writable. + + + This module has no effect on non-root users and requires that the + application fills in the PAM_TTY + item correctly. + + + For canonical usage, should be listed as a + required authentication method + before any sufficient + authentication methods. + + + + + OPTIONS + + + + + + + + Print debug information. + + + + + + + + MODULE SERVICES PROVIDED + + Only the service is supported. + + + + + RETURN VALUES + + + PAM_SUCCESS + + + The user is allowed to continue authentication. + Either the user is not root, or the root user is + trying to log in on an acceptable device. + + + + + PAM_AUTH_ERR + + + Authentication is rejected. Either root is attempting to + log in via an unacceptable device, or the + /etc/securetty file is world writable or + not a normal file. + + + + + PAM_INCOMPLETE + + + An application error occurred. pam_securetty was not able + to get information it required from the application that + called it. + + + + + PAM_SERVICE_ERR + + + An error occurred while the module was determining the + user's name or tty, or the module could not open + /etc/securetty. + + + + + PAM_IGNORE + + + The module could not find the user name in the + /etc/passwd file to verify whether + the user had a UID of 0. Therefore, the results of running + this module are ignored. + + + + + + + + EXAMPLES + + +auth required pam_securetty.so +auth required pam_unix.so + + + + + + SEE ALSO + + + securetty5 + , + + pam.conf5 + , + + pam.d8 + , + + pam8 + + + + + + AUTHOR + + pam_securetty was written by Elliot Lee <sopwith@cuc.edu>. + + + + -- cgit v1.2.3