8516
/
Test


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226
							'\" t
.\"     Title: pam_succeed_if
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/03/2021
.\"    Manual: Linux-PAM
.\"    Source: Linux-PAM
.\"  Language: English
.\"
.TH "PAM_SUCCEED_IF" "8" "09/03/2021" "Linux-PAM" "Linux\-PAM"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_succeed_if \- test account characteristics
.SH "SYNOPSIS"
.HP \w'\fBpam_succeed_if\&.so\fR\ 'u
\fBpam_succeed_if\&.so\fR [\fIflag\fR...] [\fIcondition\fR...]
.SH "DESCRIPTION"
.PP
pam_succeed_if\&.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated or values of other PAM items\&. One use is to select whether to load other modules based on this test\&.
.PP
The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\&.
.SH "OPTIONS"
.PP
The following
\fIflag\fRs are supported:
.PP
\fBdebug\fR
.RS 4
Turns on debugging messages sent to syslog\&.
.RE
.PP
\fBuse_uid\fR
.RS 4
Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&.
.RE
.PP
\fBquiet\fR
.RS 4
Don\*(Aqt log failure or success to the system log\&.
.RE
.PP
\fBquiet_fail\fR
.RS 4
Don\*(Aqt log failure to the system log\&.
.RE
.PP
\fBquiet_success\fR
.RS 4
Don\*(Aqt log success to the system log\&.
.RE
.PP
\fBaudit\fR
.RS 4
Log unknown users to the system log\&.
.RE
.PP
\fICondition\fRs are three words: a field, a test, and a value to test for\&.
.PP
Available fields are
\fIuser\fR,
\fIuid\fR,
\fIgid\fR,
\fIshell\fR,
\fIhome\fR,
\fIruser\fR,
\fIrhost\fR,
\fItty\fR
and
\fIservice\fR:
.PP
\fBfield < number\fR
.RS 4
Field has a value numerically less than number\&.
.RE
.PP
\fBfield <= number\fR
.RS 4
Field has a value numerically less than or equal to number\&.
.RE
.PP
\fBfield eq number\fR
.RS 4
Field has a value numerically equal to number\&.
.RE
.PP
\fBfield >= number\fR
.RS 4
Field has a value numerically greater than or equal to number\&.
.RE
.PP
\fBfield > number\fR
.RS 4
Field has a value numerically greater than number\&.
.RE
.PP
\fBfield ne number\fR
.RS 4
Field has a value numerically different from number\&.
.RE
.PP
\fBfield = string\fR
.RS 4
Field exactly matches the given string\&.
.RE
.PP
\fBfield != string\fR
.RS 4
Field does not match the given string\&.
.RE
.PP
\fBfield =~ glob\fR
.RS 4
Field matches the given glob\&.
.RE
.PP
\fBfield !~ glob\fR
.RS 4
Field does not match the given glob\&.
.RE
.PP
\fBfield in item:item:\&.\&.\&.\fR
.RS 4
Field is contained in the list of items separated by colons\&.
.RE
.PP
\fBfield notin item:item:\&.\&.\&.\fR
.RS 4
Field is not contained in the list of items separated by colons\&.
.RE
.PP
\fBuser ingroup group[:group:\&.\&.\&.\&.]\fR
.RS 4
User is in given group(s)\&.
.RE
.PP
\fBuser notingroup group[:group:\&.\&.\&.\&.]\fR
.RS 4
User is not in given group(s)\&.
.RE
.PP
\fBuser innetgr netgroup\fR
.RS 4
(user,host) is in given netgroup\&.
.RE
.PP
\fBuser notinnetgr group\fR
.RS 4
(user,host) is not in given netgroup\&.
.RE
.SH "MODULE TYPES PROVIDED"
.PP
All module types (\fBaccount\fR,
\fBauth\fR,
\fBpassword\fR
and
\fBsession\fR) are provided\&.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
The condition was true\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
The condition was false\&.
.RE
.PP
PAM_SERVICE_ERR
.RS 4
A service error occurred or the arguments can\*(Aqt be parsed correctly\&.
.RE
.SH "EXAMPLES"
.PP
To emulate the behaviour of
\fIpam_wheel\fR, except there is no fallback to group 0 being only approximated by checking also the root group membership:
.sp
.if n \{\
.RS 4
.\}
.nf
auth required pam_succeed_if\&.so quiet user ingroup wheel:root
    
.fi
.if n \{\
.RE
.\}
.PP
Given that the type matches, only loads the othermodule rule if the UID is over 500\&. Adjust the number after default to skip several rules\&.
.sp
.if n \{\
.RS 4
.\}
.nf
type [default=1 success=ignore] pam_succeed_if\&.so quiet uid > 500
type required othermodule\&.so arguments\&.\&.\&.
    
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBglob\fR(7),
\fBpam\fR(8)
.SH "AUTHOR"
.PP
Nalin Dahyabhai <nalin@redhat\&.com>