Linux 2.6 - man page for pam_wheel (linux section 8)
|Linux & Unix Commands - Search Man Pages
PAM_WHEEL(8) Linux-PAM Manual PAM_WHEEL(8)
pam_wheel - Only permit root access to members of group wheel
pam_wheel.so [debug] [deny] [group=name] [root_only] [trust]
The pam_wheel PAM module is used to enforce the so-called wheel group. By default it
permits root access to the system if the applicant user is a member of the wheel group. If
no group with this name exist, the module is using the group with the group-ID 0.
Print debug information.
Reverse the sense of the auth operation: if the user is trying to get UID 0 access and
is a member of the wheel group (or the group of the group option), deny access.
Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also
specified, in which case we return PAM_SUCCESS).
Instead of checking the wheel or GID 0 groups, use the name group to perform the
The check for wheel membership is done only.
The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a
member of the wheel group (thus with a little play stacking the modules the wheel
members may be able to su to root without being prompted for a passwd).
MODULE TYPES PROVIDED
The auth and account module types are provided.
Memory buffer error.
The return value should be ignored by PAM dispatch.
Cannot determine the user name.
User not known.
The root account gains access by default (rootok), only wheel members can become root
(wheel) but Unix authenticate non-root applicants.
su auth sufficient pam_rootok.so
su auth required pam_wheel.so
su auth required pam_unix.so
pam.conf(5), pam.d(5), pam(7)
pam_wheel was written by Cristian Gafton <email@example.com>.
Linux-PAM Manual 05/31/2011 PAM_WHEEL(8)
All times are GMT -4. The time now is 08:00 PM.