From 26367bfc399cb3862f94ddca8fce87f98f26d67e Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 6 May 2024 03:38:36 +0200
Subject: Adding upstream version 1.3.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 modules/pam_loginuid/pam_loginuid.8.xml | 142 ++++++++++++++++++++++++++++++++
 1 file changed, 142 insertions(+)
 create mode 100644 modules/pam_loginuid/pam_loginuid.8.xml

(limited to 'modules/pam_loginuid/pam_loginuid.8.xml')

diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml
new file mode 100644
index 0000000..9513b0e
--- /dev/null
+++ b/modules/pam_loginuid/pam_loginuid.8.xml
@@ -0,0 +1,142 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_loginuid">
+
+  <refmeta>
+    <refentrytitle>pam_loginuid</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_loginuid-name">
+    <refname>pam_loginuid</refname>
+    <refpurpose>Record user's login uid to the process attribute</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_loginuid-cmdsynopsis">
+      <command>pam_loginuid.so</command>
+      <arg choice="opt">
+        require_auditd
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_loginuid-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      The pam_loginuid module sets the loginuid process attribute for the
+      process that was authenticated. This is necessary for applications
+      to be correctly audited. This PAM module should only be used for entry
+      point applications like: login, sshd, gdm, vsftpd, crond and atd.
+      There are probably other entry point applications besides these.
+      You should not use it for applications like sudo or su as that
+      defeats the purpose by changing the loginuid to the account they just
+      switched to.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_loginuid-options">
+    <title>OPTIONS</title>
+    <variablelist>
+      <varlistentry>
+        <term>
+          <option>require_auditd</option>
+        </term>
+        <listitem>
+          <para>
+            This option, when given, will cause this module to query
+            the audit daemon status and deny logins if it is not running.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_loginuid-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+      Only the <option>session</option> module type is provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_loginuid-return_values'>
+    <title>RETURN VALUES</title>
+    <para>
+      <variablelist>
+        <varlistentry>
+          <term>PAM_SUCCESS</term>
+          <listitem>
+            <para>
+              The loginuid value is set and auditd is running if check requested.
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>PAM_IGNORE</term>
+          <listitem>
+            <para>
+              The /proc/self/loginuid file is not present on the system or the
+              login process runs inside uid namespace and kernel does not support
+              overwriting loginuid.
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>PAM_SESSION_ERR</term>
+          <listitem>
+            <para>
+              Any other error prevented setting loginuid or auditd is not running.
+            </para>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_loginuid-examples'>
+    <title>EXAMPLES</title>
+    <programlisting>
+#%PAM-1.0
+auth       required     pam_unix.so
+auth       required     pam_nologin.so
+account    required     pam_unix.so
+password   required     pam_unix.so
+session    required     pam_unix.so
+session    required     pam_loginuid.so
+    </programlisting>
+  </refsect1>
+
+  <refsect1 id='pam_loginuid-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>auditd</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_loginuid-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_loginuid was written by Steve Grubb &lt;sgrubb@redhat.com&gt;
+      </para>
+  </refsect1>
+
+</refentry>
-- 
cgit v1.2.3