table of contents
PAM_WHEEL(8) | Linux-PAM Manual | PAM_WHEEL(8) |
NAME¶
pam_wheel - Only permit root access to members of group wheelSYNOPSIS¶
pam_wheel.so
[debug] [deny] [group= name] [root_only] [trust]
DESCRIPTION¶
The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0.OPTIONS¶
debugPrint debug information.
deny
Reverse the sense of the auth operation: if
the user is trying to get UID 0 access and is a member of the wheel group (or
the group of the group option), deny access. Conversely, if the user is
not in the group, return PAM_IGNORE (unless trust was also specified,
in which case we return PAM_SUCCESS).
group=name
Instead of checking the wheel or GID 0 groups,
use the name group to perform the authentication.
root_only
The check for wheel membership is done
only.
trust
The pam_wheel module will return PAM_SUCCESS
instead of PAM_IGNORE if the user is a member of the wheel group (thus with a
little play stacking the modules the wheel members may be able to su to root
without being prompted for a passwd).
MODULE TYPES PROVIDED¶
The auth and account module types are provided.RETURN VALUES¶
PAM_AUTH_ERRAuthentication failure.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
The return value should be ignored by PAM
dispatch.
PAM_PERM_DENY
Permission denied.
PAM_SERVICE_ERR
Cannot determine the user name.
PAM_SUCCESS
Success.
PAM_USER_UNKNOWN
User not known.
EXAMPLES¶
The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non-root applicants.su auth sufficient pam_rootok.so su auth required pam_wheel.so su auth required pam_unix.so
SEE ALSO¶
AUTHOR¶
pam_wheel was written by Cristian Gafton <gafton@redhat.com>.05/31/2011 | Linux-PAM Manual |