table of contents
PAM_LOGINUID(8) | Linux-PAM Manual | PAM_LOGINUID(8) |
NAME¶
pam_loginuid - Record user's login uid to the process attributeSYNOPSIS¶
pam_loginuid.so [require_auditd]
DESCRIPTION¶
The pam_loginuid module sets the loginuid process attribute for the process that was authenticated. This is necessary for applications to be correctly audited. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd. There are probably other entry point applications besides these. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to.OPTIONS¶
require_auditdThis option, when given, will cause this module to query
the audit daemon status and deny logins if it is not running.
MODULE TYPES PROVIDED¶
Only the session module type is provided.RETURN VALUES¶
PAM_SUCCESSThe loginuid value is set and auditd is running if check
requested.
PAM_IGNORE
The /proc/self/loginuid file is not present on the system
or the login process runs inside uid namespace and kernel does not support
overwriting loginuid.
PAM_SESSION_ERR
Any other error prevented setting loginuid or auditd is
not running.
EXAMPLES¶
#%PAM-1.0 auth required pam_unix.so auth required pam_nologin.so account required pam_unix.so password required pam_unix.so session required pam_unix.so session required pam_loginuid.so
SEE ALSO¶
pam.conf(5), pam.d(5), pam(7), auditctl(8), auditd(8)AUTHOR¶
pam_loginuid was written by Steve Grubb <sgrubb@redhat.com>05/18/2017 | Linux-PAM Manual |