| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 |
- pam_wheel — Only permit root access to members of group wheel
- ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
- DESCRIPTION
- The pam_wheel PAM module is used to enforce the so-called wheel group. By
- default it permits access to the target user if the applicant user is a member
- of the wheel group. If no group with this name exist, the module is using the
- group with the group-ID 0.
- OPTIONS
- debug
- Print debug information.
- deny
- Reverse the sense of the auth operation: if the user is trying to get UID 0
- access and is a member of the wheel group (or the group of the group
- option), deny access. Conversely, if the user is not in the group, return
- PAM_IGNORE (unless trust was also specified, in which case we return
- PAM_SUCCESS).
- group=name
- Instead of checking the wheel or GID 0 groups, use the name group to
- perform the authentication.
- root_only
- The check for wheel membership is done only when the target user UID is 0.
- trust
- The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the
- user is a member of the wheel group (thus with a little play stacking the
- modules the wheel members may be able to su to root without being prompted
- for a passwd).
- use_uid
- The check will be done against the real uid of the calling process, instead
- of trying to obtain the user from the login session associated with the
- terminal in use.
- EXAMPLES
- The root account gains access by default (rootok), only wheel members can
- become root (wheel) but Unix authenticate non-root applicants.
- su auth sufficient pam_rootok.so
- su auth required pam_wheel.so
- su auth required pam_unix.so
- AUTHOR
- pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
|
