Unix/Linux Go Back    


Linux 2.6 - man page for pam_wheel (linux section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


PAM_WHEEL(8)				 Linux-PAM Manual			     PAM_WHEEL(8)

NAME
       pam_wheel - Only permit root access to members of group wheel

SYNOPSIS
       pam_wheel.so [debug] [deny] [group=name] [root_only] [trust]

DESCRIPTION
       The pam_wheel PAM module is used to enforce the so-called wheel group. By default it
       permits root access to the system if the applicant user is a member of the wheel group. If
       no group with this name exist, the module is using the group with the group-ID 0.

OPTIONS
       debug
	   Print debug information.

       deny
	   Reverse the sense of the auth operation: if the user is trying to get UID 0 access and
	   is a member of the wheel group (or the group of the group option), deny access.
	   Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also
	   specified, in which case we return PAM_SUCCESS).

       group=name
	   Instead of checking the wheel or GID 0 groups, use the name group to perform the
	   authentication.

       root_only
	   The check for wheel membership is done only.

       trust
	   The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a
	   member of the wheel group (thus with a little play stacking the modules the wheel
	   members may be able to su to root without being prompted for a passwd).

MODULE TYPES PROVIDED
       The auth and account module types are provided.

RETURN VALUES
       PAM_AUTH_ERR
	   Authentication failure.

       PAM_BUF_ERR
	   Memory buffer error.

       PAM_IGNORE
	   The return value should be ignored by PAM dispatch.

       PAM_PERM_DENY
	   Permission denied.

       PAM_SERVICE_ERR
	   Cannot determine the user name.

       PAM_SUCCESS
	   Success.

       PAM_USER_UNKNOWN
	   User not known.

EXAMPLES
       The root account gains access by default (rootok), only wheel members can become root
       (wheel) but Unix authenticate non-root applicants.

	   su	   auth     sufficient	   pam_rootok.so
	   su	   auth     required	   pam_wheel.so
	   su	   auth     required	   pam_unix.so

SEE ALSO
       pam.conf(5), pam.d(5), pam(7)

AUTHOR
       pam_wheel was written by Cristian Gafton <gafton@redhat.com>.

Linux-PAM Manual			    05/31/2011				     PAM_WHEEL(8)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 08:00 PM.