From de848d9e9146434817c65d74d1d0313e9d729462 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 14:01:37 +0200 Subject: Adding upstream version 1.4.0. Signed-off-by: Daniel Baumann --- modules/pam_group/pam_group.8.xml | 162 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 modules/pam_group/pam_group.8.xml (limited to 'modules/pam_group/pam_group.8.xml') diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml new file mode 100644 index 0000000..2c1c905 --- /dev/null +++ b/modules/pam_group/pam_group.8.xml @@ -0,0 +1,162 @@ + + + + + + + pam_group + 8 + Linux-PAM Manual + + + + pam_group + + PAM module for group access + + + + + + + + pam_group.so + + + + + + DESCRIPTION + + The pam_group PAM module does not authenticate the user, but instead + it grants group memberships (in the credential setting phase of the + authentication module) to the user. Such memberships are based on the + service they are applying for. + + + By default rules for group memberships are taken from config file + /etc/security/group.conf. + + + This module's usefulness relies on the file-systems + accessible to the user. The point being that once granted the + membership of a group, the user may attempt to create a + setgid binary with a restricted group ownership. + Later, when the user is not given membership to this group, they can + recover group membership with the precompiled binary. The reason that + the file-systems that the user has access to are so significant, is the + fact that when a system is mounted nosuid the user + is unable to create or execute such a binary file. For this module to + provide any level of security, all file-systems that the user has write + access to should be mounted nosuid. + + + The pam_group module functions in parallel with the + /etc/group file. If the user is granted any groups + based on the behavior of this module, they are granted + in addition to those entries + /etc/group (or equivalent). + + + + + OPTIONS + This module does not recognise any options. + + + + MODULE TYPES PROVIDED + + Only the module type is provided. + + + + + RETURN VALUES + + + PAM_SUCCESS + + + group membership was granted. + + + + + PAM_ABORT + + + Not all relevant data could be gotten. + + + + + PAM_BUF_ERR + + + Memory buffer error. + + + + + PAM_CRED_ERR + + + Group membership was not granted. + + + + + PAM_IGNORE + + + pam_sm_authenticate was called which does nothing. + + + + + PAM_USER_UNKNOWN + + + The user is not known to the system. + + + + + + + + FILES + + + /etc/security/group.conf + + Default configuration file + + + + + + + SEE ALSO + + + group.conf5 + , + + pam.d5 + , + + pam8 + . + + + + + AUTHORS + + pam_group was written by Andrew G. Morgan <morgan@kernel.org>. + + + -- cgit v1.2.3