summaryrefslogtreecommitdiff
path: root/modules/pam_sepermit/sepermit.conf.5
blob: f2b5d0927ec8b709e2f0f83d471204ada8ff6a26 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
'\" t
.\"     Title: sepermit.conf
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 06/08/2020
.\"    Manual: Linux-PAM Manual
.\"    Source: Linux-PAM Manual
.\"  Language: English
.\"
.TH "SEPERMIT\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
sepermit.conf \- configuration file for the pam_sepermit module
.SH "DESCRIPTION"
.PP
The lines of the configuration file have the following syntax:
.PP
\fI<user>\fR[:\fI<option>\fR:\fI<option>\fR\&.\&.\&.]
.PP
The
\fBuser\fR
can be specified in the following manner:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
a username
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
a groupname, with
\fB@group\fR
syntax\&. This should not be confused with netgroups\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
a SELinux user name with
\fB%seuser\fR
syntax\&.
.RE
.PP
The recognized options are:
.PP
\fBexclusive\fR
.RS 4
Only single login session will be allowed for the user and the user\*(Aqs processes will be killed on logout\&.
.RE
.PP
\fBignore\fR
.RS 4
The module will never return PAM_SUCCESS status for the user\&. It will return PAM_IGNORE if SELinux is in the enforcing mode, and PAM_AUTH_ERR otherwise\&. It is useful if you want to support passwordless guest users and other confined users with passwords simultaneously\&.
.RE
.PP
The lines which start with # character are comments and are ignored\&.
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
/etc/security/sepermit\&.conf\&.
.sp
.if n \{\
.RS 4
.\}
.nf
%guest_u:exclusive
%staff_u:ignore
%user_u:ignore
    
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBpam_sepermit\fR(8),
\fBpam.d\fR(5),
\fBpam\fR(8),
\fBselinux\fR(8),
.SH "AUTHOR"
.PP
pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat\&.com>