.\"     Title: pam_rootok
.\"    Author: 
.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
.\"      Date: 04/16/2008
.\"    Manual: Linux-PAM Manual
.\"    Source: Linux-PAM Manual
.\"
.TH "PAM_ROOTOK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
pam_rootok - Gain only root access
.SH "SYNOPSIS"
.HP 14
\fBpam_rootok\.so\fR [debug]
.SH "DESCRIPTION"
.PP
pam_rootok is a PAM module that authenticates the user if their
\fIUID\fR
is
\fI0\fR\. Applications that are created setuid\-root generally retain the
\fIUID\fR
of the user but run with the authority of an enhanced effective\-UID\. It is the real
\fIUID\fR
that is checked\.
.SH "OPTIONS"
.PP
\fBdebug\fR
.RS 4
Print debug information\.
.RE
.SH "MODULE SERVICES PROVIDED"
.PP
Only the
\fBauth\fR
service is supported\.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
The
\fIUID\fR
is
\fI0\fR\.
.RE
.PP
PAM_AUTH_ERR
.RS 4
The
\fIUID\fR
is
\fBnot\fR
\fI0\fR\.
.RE
.SH "EXAMPLES"
.PP
In the case of the
\fBsu\fR(1)
application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
\fI/etc/pam\.d/su\fR
configuration file:
.sp
.RS 4
.nf
# su authentication\. Root is granted access by default\.
auth  sufficient   pam_rootok\.so
auth  required     pam_unix\.so
      
.fi
.RE
.sp
.SH "SEE ALSO"
.PP

\fBsu\fR(1),
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
.SH "AUTHOR"
.PP
pam_rootok was written by Andrew G\. Morgan, <morgan@kernel\.org>\.