Adding upstream version 1.3.1.upstream/1.3.1upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

2 files changed, 102 insertions, 0 deletions

diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README
new file mode 100644
index 0000000..ce12357
--- /dev/null
+++ b/modules/pam_wheel/README
@@ -0,0 +1,61 @@
+pam_wheel — Only permit root access to members of group wheel
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_wheel PAM module is used to enforce the so-called wheel group. By
+default it permits root access to the system if the applicant user is a member
+of the wheel group. If no group with this name exist, the module is using the
+group with the group-ID 0.
+
+OPTIONS
+
+debug
+
+    Print debug information.
+
+deny
+
+    Reverse the sense of the auth operation: if the user is trying to get UID 0
+    access and is a member of the wheel group (or the group of the group
+    option), deny access. Conversely, if the user is not in the group, return
+    PAM_IGNORE (unless trust was also specified, in which case we return
+    PAM_SUCCESS).
+
+group=name
+
+    Instead of checking the wheel or GID 0 groups, use the name group to
+    perform the authentication.
+
+root_only
+
+    The check for wheel membership is done only when the target user UID is 0.
+
+trust
+
+    The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the
+    user is a member of the wheel group (thus with a little play stacking the
+    modules the wheel members may be able to su to root without being prompted
+    for a passwd).
+
+use_uid
+
+    The check for wheel membership will be done against the current uid instead
+    of the original one (useful when jumping with su from one account to
+    another for example).
+
+EXAMPLES
+
+The root account gains access by default (rootok), only wheel members can
+become root (wheel) but Unix authenticate non-root applicants.
+
+su      auth     sufficient     pam_rootok.so
+su      auth     required       pam_wheel.so
+su      auth     required       pam_unix.so
+
+
+AUTHOR
+
+pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
+
diff --git a/modules/pam_wheel/README.xml b/modules/pam_wheel/README.xml
new file mode 100644
index 0000000..9e33d7f
--- /dev/null
+++ b/modules/pam_wheel/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_wheel.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_wheel.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_wheel-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_wheel.8.xml" xpointer='xpointer(//refsect1[@id = "pam_wheel-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_wheel.8.xml" xpointer='xpointer(//refsect1[@id = "pam_wheel-options"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_wheel.8.xml" xpointer='xpointer(//refsect1[@id = "pam_wheel-examples"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_wheel.8.xml" xpointer='xpointer(//refsect1[@id = "pam_wheel-author"]/*)'/>
+  </section>
+
+</article>