.\"     Title: pam_rootok
.\"    Author: 
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
.\"      Date: 06/04/2006
.\"    Manual: Linux\-PAM Manual
.\"    Source: Linux\-PAM Manual
.\"
.TH "PAM_ROOTOK" "8" "06/04/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
pam_rootok \- Gain only root access
.SH "SYNOPSIS"
.HP 14
\fBpam_rootok.so\fR [debug]
.SH "DESCRIPTION"
.PP
pam_rootok is a PAM module that authenticates the user if their
\fIUID\fR
is
\fI0\fR. Applications that are created setuid\-root generally retain the
\fIUID\fR
of the user but run with the authority of an enhanced effective\-UID. It is the real
\fIUID\fR
that is checked.
.SH "OPTIONS"
.TP 3n
\fBdebug\fR
Print debug information.
.SH "MODULE SERVICES PROVIDED"
.PP
Only the
\fBauth\fR
service is supported.
.SH "RETURN VALUES"
.TP 3n
PAM_SUCCESS
The
\fIUID\fR
is
\fI0\fR.
.TP 3n
PAM_AUTH_ERR
The
\fIUID\fR
is
\fBnot\fR
\fI0\fR.
.SH "EXAMPLES"
.PP
In the case of the
\fBsu\fR(1)
application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
\fI/etc/pam.d/su\fR
configuration file:
.sp
.RS 3n
.nf
# su authentication. Root is granted access by default.
auth  sufficient   pam_rootok.so
auth  required     pam_unix.so
      
.fi
.RE
.sp
.SH "SEE ALSO"
.PP

\fBsu\fR(1),
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
.SH "AUTHOR"
.PP
pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.