PAM_ROOTOK(8) Linux-PAM Manual PAM_ROOTOK(8)
NAME
pam_rootok - Gain only root access
SYNOPSIS
pam_rootok.so [debug]
DESCRIPTION
pam_rootok is a PAM module that authenticates the user if their UID is 0. Applications that are created setuid-root generally retain the
UID of the user but run with the authority of an enhanced effective-UID. It is the real UID that is checked.
OPTIONS
debug
Print debug information.
MODULE TYPES PROVIDED
The auth, acct and password module types are provided.
RETURN VALUES
PAM_SUCCESS
The UID is 0.
PAM_AUTH_ERR
The UID is not 0.
EXAMPLES
In the case of the su(1) application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use
of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the /etc/pam.d/su
configuration file:
# su authentication. Root is granted access by default.
auth sufficient pam_rootok.so
auth required pam_unix.so
SEE ALSO
su(1), pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.
Linux-PAM Manual 06/04/2011 PAM_ROOTOK(8)
PAM_WHEEL(8) Linux-PAM Manual PAM_WHEEL(8)
NAME
pam_wheel - Only permit root access to members of group wheel
SYNOPSIS
pam_wheel.so [debug] [deny] [group=name] [root_only] [trust]
DESCRIPTION
The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant
user is a member of the wheel group. If no group with this name exists, the module uses the group with group ID 0.
OPTIONS
debug
Print debug information.
deny
Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of
the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in
which case we return PAM_SUCCESS).
group=name
Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication.
root_only
The check for wheel membership is done only.
trust
The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus, with some care in
stacking the modules, wheel members may be able to su to root without being prompted for a password).
MODULE TYPES PROVIDED
The auth and account module types are provided.
RETURN VALUES
PAM_AUTH_ERR
Authentication failure.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
The return value should be ignored by PAM dispatch.
PAM_PERM_DENIED
Permission denied.
PAM_SERVICE_ERR
Cannot determine the user name.
PAM_SUCCESS
Success.
PAM_USER_UNKNOWN
User not known.
EXAMPLES
The root account gains access by default (rootok); only wheel members can become root (wheel), but non-root applicants are still authenticated by Unix.
su auth sufficient pam_rootok.so
su auth required pam_wheel.so
su auth required pam_unix.so
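The two su stacks from the EXAMPLES sections of pam_rootok and pam_wheel, modelled as an added example (not part of the Linux-PAM manual or its code). Module behaviour is simplified from the descriptions above; run_stack, the context fields, the password_ok flag standing in for pam_unix, and the SU_WHEEL_TRUST stack are constructed for illustration.

```python
# Added illustration: simplified model of PAM auth-stack evaluation.
# Contexts are constructed; pam_unix is reduced to a password_ok flag.
SUCCESS, IGNORE = "PAM_SUCCESS", "PAM_IGNORE"
AUTH_ERR, PERM_DENIED = "PAM_AUTH_ERR", "PAM_PERM_DENIED"

def pam_rootok(ctx):
    # Tests the caller's real UID, not the effective UID of a setuid binary.
    return SUCCESS if ctx["real_uid"] == 0 else AUTH_ERR

def pam_wheel(ctx, trust=False):
    # Without "trust" a wheel member yields PAM_IGNORE, not PAM_SUCCESS.
    if "wheel" in ctx["groups"]:
        return SUCCESS if trust else IGNORE
    return PERM_DENIED

def pam_wheel_trust(ctx):
    return pam_wheel(ctx, trust=True)

def pam_unix(ctx):
    return SUCCESS if ctx["password_ok"] else AUTH_ERR

def run_stack(stack, ctx):
    """Apply 'sufficient'/'required' semantics to (control, module) pairs."""
    required_failed = saw_success = False
    for control, module in stack:
        rc = module(ctx)
        if rc == IGNORE:
            continue                    # contributes nothing to the verdict
        if control == "sufficient":
            if rc == SUCCESS and not required_failed:
                return True             # short-circuit: later modules never run
        elif rc == SUCCESS:             # 'required' module passed
            saw_success = True
        else:
            required_failed = True      # recorded; the stack still runs on
    return saw_success and not required_failed

SU_ROOTOK = [("sufficient", pam_rootok), ("required", pam_unix)]
SU_WHEEL = [("sufficient", pam_rootok), ("required", pam_wheel),
            ("required", pam_unix)]
SU_WHEEL_TRUST = [("sufficient", pam_rootok),
                  ("sufficient", pam_wheel_trust), ("required", pam_unix)]

if __name__ == "__main__":
    alice = {"real_uid": 1000, "groups": {"wheel"}, "password_ok": False}
    for name, stack in [("wheel", SU_WHEEL), ("wheel trust", SU_WHEEL_TRUST)]:
        print(name, "->", run_stack(stack, alice))
```

For a wheel member who supplies a wrong password, the plain wheel stack denies access while the trust variant grants it, which is the effect the trust option describes.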
SEE ALSO
pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
Linux-PAM Manual 05/31/2011 PAM_WHEEL(8)