diff options
Diffstat (limited to '')
-rw-r--r-- | modules/pam_localuser/pam_localuser.8 | 108 | ||||
-rw-r--r-- | modules/pam_localuser/pam_localuser.8.xml | 173 |
2 files changed, 281 insertions, 0 deletions
diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8 new file mode 100644 index 0000000..bb83430 --- /dev/null +++ b/modules/pam_localuser/pam_localuser.8 @@ -0,0 +1,108 @@ +'\" t +.\" Title: pam_localuser +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 05/18/2017 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_LOCALUSER" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_localuser \- require users to be listed in /etc/passwd +.SH "SYNOPSIS" +.HP \w'\fBpam_localuser\&.so\fR\ 'u +\fBpam_localuser\&.so\fR [debug] [file=\fI/path/passwd\fR] +.SH "DESCRIPTION" +.PP +pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\*(Aqs users and a few accounts that are local to a particular workstation\&. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\*(Aqs users\&. +.PP +This could also be implemented using pam_listfile\&.so and a very short awk script invoked by cron, but it\*(Aqs common enough to have been separated out\&. +.SH "OPTIONS" +.PP +.PP +\fBdebug\fR +.RS 4 +Print debug information\&. +.RE +.PP +\fBfile=\fR\fB\fI/path/passwd\fR\fR +.RS 4 +Use a file other than +/etc/passwd\&. +.RE +.SH "MODULE TYPES PROVIDED" +.PP +All module types (\fBaccount\fR, +\fBauth\fR, +\fBpassword\fR +and +\fBsession\fR) are provided\&. +.SH "RETURN VALUES" +.PP +.PP +PAM_SUCCESS +.RS 4 +The new localuser was set successfully\&. +.RE +.PP +PAM_SERVICE_ERR +.RS 4 +No username was given\&. +.RE +.PP +PAM_PERM_DENIED +.RS 4 +The user is not listed in the passwd file\&. +.RE +.SH "EXAMPLES" +.PP +Add the following lines to +/etc/pam\&.d/su +to allow only local users or group wheel to use su\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +account sufficient pam_localuser\&.so +account required pam_wheel\&.so + +.fi +.if n \{\ +.RE +.\} +.sp +.SH "FILES" +.PP +/etc/passwd +.RS 4 +Local user account information\&. +.RE +.SH "SEE ALSO" +.PP +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&. diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml new file mode 100644 index 0000000..2a8b2e0 --- /dev/null +++ b/modules/pam_localuser/pam_localuser.8.xml @@ -0,0 +1,173 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" + "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> + +<refentry id="pam_localuser"> + + <refmeta> + <refentrytitle>pam_localuser</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_localuser-name"> + <refname>pam_localuser</refname> + <refpurpose>require users to be listed in /etc/passwd</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="pam_localuser-cmdsynopsis"> + <command>pam_localuser.so</command> + <arg choice="opt"> + debug + </arg> + <arg choice="opt"> + file=<replaceable>/path/passwd</replaceable> + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id="pam_localuser-description"> + + <title>DESCRIPTION</title> + + <para> + pam_localuser is a PAM module to help implementing site-wide login + policies, where they typically include a subset of the network's + users and a few accounts that are local to a particular workstation. + Using pam_localuser and pam_wheel or pam_listfile is an effective + way to restrict access to either local users and/or a subset of the + network's users. + </para> + <para> + This could also be implemented using pam_listfile.so and a very + short awk script invoked by cron, but it's common enough to have + been separated out. + </para> + + </refsect1> + + <refsect1 id="pam_localuser-options"> + + <title>OPTIONS</title> + <para> + <variablelist> + + <varlistentry> + <term> + <option>debug</option> + </term> + <listitem> + <para> + Print debug information. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>file=<replaceable>/path/passwd</replaceable></option> + </term> + <listitem> + <para> + Use a file other than <filename>/etc/passwd</filename>. + </para> + </listitem> + </varlistentry> + + </variablelist> + + </para> + </refsect1> + + <refsect1 id="pam_localuser-types"> + <title>MODULE TYPES PROVIDED</title> + <para> + All module types (<option>account</option>, <option>auth</option>, + <option>password</option> and <option>session</option>) are provided. + </para> + </refsect1> + + <refsect1 id='pam_localuser-return_values'> + <title>RETURN VALUES</title> + <para> + <variablelist> + + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The new localuser was set successfully. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_SERVICE_ERR</term> + <listitem> + <para> + No username was given. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_PERM_DENIED</term> + <listitem> + <para> + The user is not listed in the passwd file. + </para> + </listitem> + </varlistentry> + + </variablelist> + </para> + </refsect1> + + <refsect1 id='pam_localuser-examples'> + <title>EXAMPLES</title> + <para> + Add the following lines to <filename>/etc/pam.d/su</filename> to + allow only local users or group wheel to use su. + <programlisting> +account sufficient pam_localuser.so +account required pam_wheel.so + </programlisting> + </para> + </refsect1> + + <refsect1 id="pam_localuser-files"> + <title>FILES</title> + <variablelist> + <varlistentry> + <term><filename>/etc/passwd</filename></term> + <listitem> + <para>Local user account information.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_localuser-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> + + <refsect1 id='pam_localuser-author'> + <title>AUTHOR</title> + <para> + pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>. + </para> + </refsect1> + +</refentry> |