| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131 |
- <?xml version="1.0" encoding='UTF-8'?>
- <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
- <refentry id="pam_rootok">
- <refmeta>
- <refentrytitle>pam_rootok</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
- <refnamediv id="pam_rootok-name">
- <refname>pam_rootok</refname>
- <refpurpose>Gain only root access</refpurpose>
- </refnamediv>
- <refsynopsisdiv>
- <cmdsynopsis id="pam_rootok-cmdsynopsis">
- <command>pam_rootok.so</command>
- <arg choice="opt">
- debug
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
- <refsect1 id="pam_rootok-description">
- <title>DESCRIPTION</title>
- <para>
- pam_rootok is a PAM module that authenticates the user if their
- <emphasis>UID</emphasis> is <emphasis>0</emphasis>.
- Applications that are created setuid-root generally retain the
- <emphasis>UID</emphasis> of the user but run with the authority
- of an enhanced effective-UID. It is the real <emphasis>UID</emphasis>
- that is checked.
- </para>
- </refsect1>
- <refsect1 id="pam_rootok-options">
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Print debug information.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1 id="pam_rootok-types">
- <title>MODULE TYPES PROVIDED</title>
- <para>
- The <option>auth</option>, <option>account</option> and
- <option>password</option> module types are provided.
- </para>
- </refsect1>
- <refsect1 id='pam_rootok-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The <emphasis>UID</emphasis> is <emphasis>0</emphasis>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- The <emphasis>UID</emphasis> is <emphasis remap='B'>not</emphasis>
- <emphasis>0</emphasis>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1 id='pam_rootok-examples'>
- <title>EXAMPLES</title>
- <para>
- In the case of the <citerefentry>
- <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry> application the historical usage is to
- permit the superuser to adopt the identity of a lesser user
- without the use of a password. To obtain this behavior with PAM
- the following pair of lines are needed for the corresponding entry
- in the <filename>/etc/pam.d/su</filename> configuration file:
- <programlisting>
- # su authentication. Root is granted access by default.
- auth sufficient pam_rootok.so
- auth required pam_unix.so
- </programlisting>
- </para>
- </refsect1>
- <refsect1 id='pam_rootok-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
- <refsect1 id='pam_rootok-author'>
- <title>AUTHOR</title>
- <para>
- pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.
- </para>
- </refsect1>
- </refentry>
|
