diff options
Diffstat (limited to 'modules/pam_rootok/pam_rootok.8.xml')
| -rw-r--r-- | modules/pam_rootok/pam_rootok.8.xml | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml new file mode 100644 index 0000000..6f44b84 --- /dev/null +++ b/modules/pam_rootok/pam_rootok.8.xml @@ -0,0 +1,131 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" + "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> + +<refentry id="pam_rootok"> + + <refmeta> + <refentrytitle>pam_rootok</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_rootok-name"> + <refname>pam_rootok</refname> + <refpurpose>Gain only root access</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="pam_rootok-cmdsynopsis"> + <command>pam_rootok.so</command> + <arg choice="opt"> + debug + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id="pam_rootok-description"> + + <title>DESCRIPTION</title> + + <para> + pam_rootok is a PAM module that authenticates the user if their + <emphasis>UID</emphasis> is <emphasis>0</emphasis>. + Applications that are created setuid-root generally retain the + <emphasis>UID</emphasis> of the user but run with the authority + of an enhanced effective-UID. It is the real <emphasis>UID</emphasis> + that is checked. + </para> + </refsect1> + + <refsect1 id="pam_rootok-options"> + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term> + <option>debug</option> + </term> + <listitem> + <para> + Print debug information. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_rootok-types"> + <title>MODULE TYPES PROVIDED</title> + <para> + The <option>auth</option>, <option>acct</option> and + <option>password</option> module types are provided. + </para> + </refsect1> + + <refsect1 id='pam_rootok-return_values'> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The <emphasis>UID</emphasis> is <emphasis>0</emphasis>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTH_ERR</term> + <listitem> + <para> + The <emphasis>UID</emphasis> is <emphasis remap='B'>not</emphasis> + <emphasis>0</emphasis>. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_rootok-examples'> + <title>EXAMPLES</title> + <para> + In the case of the <citerefentry> + <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> + </citerefentry> application the historical usage is to + permit the superuser to adopt the identity of a lesser user + without the use of a password. To obtain this behavior with PAM + the following pair of lines are needed for the corresponding entry + in the <filename>/etc/pam.d/su</filename> configuration file: + <programlisting> +# su authentication. Root is granted access by default. +auth sufficient pam_rootok.so +auth required pam_unix.so + </programlisting> + </para> + </refsect1> + + <refsect1 id='pam_rootok-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> + + <refsect1 id='pam_rootok-author'> + <title>AUTHOR</title> + <para> + pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>. + </para> + </refsect1> + +</refentry> |