'\" t
.\"     Title: pam_localuser
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 06/08/2020
.\"    Manual: Linux-PAM Manual
.\"    Source: Linux-PAM Manual
.\"  Language: English
.\"
.TH "PAM_LOCALUSER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_localuser \- require users to be listed in /etc/passwd
.SH "SYNOPSIS"
.HP \w'\fBpam_localuser\&.so\fR\ 'u
\fBpam_localuser\&.so\fR [debug] [file=\fI/path/passwd\fR]
.SH "DESCRIPTION"
.PP
pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\*(Aqs users and a few accounts that are local to a particular workstation\&. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\*(Aqs users\&.
.PP
This could also be implemented using pam_listfile\&.so and a very short awk script invoked by cron, but it\*(Aqs common enough to have been separated out\&.
.SH "OPTIONS"
.PP
.PP
\fBdebug\fR
.RS 4
Print debug information\&.
.RE
.PP
\fBfile=\fR\fB\fI/path/passwd\fR\fR
.RS 4
Use a file other than
/etc/passwd\&.
.RE
.SH "MODULE TYPES PROVIDED"
.PP
All module types (\fBaccount\fR,
\fBauth\fR,
\fBpassword\fR
and
\fBsession\fR) are provided\&.
.SH "RETURN VALUES"
.PP
.PP
PAM_SUCCESS
.RS 4
The new localuser was set successfully\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
The conversation method supplied by the application failed to obtain the username\&.
.RE
.PP
PAM_INCOMPLETE
.RS 4
The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
.RE
.PP
PAM_SERVICE_ERR
.RS 4
The user name is not valid or the passwd file is unavailable\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
The user is not listed in the passwd file\&.
.RE
.SH "EXAMPLES"
.PP
Add the following lines to
/etc/pam\&.d/su
to allow only local users or group wheel to use su\&.
.sp
.if n \{\
.RS 4
.\}
.nf
account sufficient pam_localuser\&.so
account required pam_wheel\&.so
      
.fi
.if n \{\
.RE
.\}
.sp
.SH "FILES"
.PP
/etc/passwd
.RS 4
Local user account information\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
\fBpam\fR(7)
.SH "AUTHOR"
.PP
pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&.