diff options
Diffstat (limited to '')
| -rw-r--r-- | modules/pam_umask/pam_umask.8 | 176 | ||||
| -rw-r--r-- | modules/pam_umask/pam_umask.8.xml | 261 |
2 files changed, 437 insertions, 0 deletions
diff --git a/modules/pam_umask/pam_umask.8 b/modules/pam_umask/pam_umask.8 new file mode 100644 index 0000000..73a609f --- /dev/null +++ b/modules/pam_umask/pam_umask.8 @@ -0,0 +1,176 @@ +'\" t +.\" Title: pam_umask +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/03/2021 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_UMASK" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_umask \- PAM module to set the file mode creation mask +.SH "SYNOPSIS" +.HP \w'\fBpam_umask\&.so\fR\ 'u +\fBpam_umask\&.so\fR [debug] [silent] [usergroups] [nousergroups] [umask=\fImask\fR] +.SH "DESCRIPTION" +.PP +pam_umask is a PAM module to set the file mode creation mask of the current environment\&. The umask affects the default permissions assigned to newly created files\&. +.PP +The PAM module tries to get the umask value from the following places in the following order: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +umask= entry in the user\*(Aqs GECOS field +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +umask= argument +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +UMASK entry from /etc/login\&.defs +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +UMASK= entry from /etc/default/login +.RE +.PP +The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&. +.SH "OPTIONS" +.PP +.PP +\fBdebug\fR +.RS 4 +Print debug information\&. +.RE +.PP +\fBsilent\fR +.RS 4 +Don\*(Aqt print informative messages\&. +.RE +.PP +\fBusergroups\fR +.RS 4 +If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. +.RE +.PP +\fBnousergroups\fR +.RS 4 +This is the direct opposite of the usergroups option described above, which can be useful in case pam_umask has been compiled with usergroups enabled by default and you want to disable it at runtime\&. +.RE +.PP +\fBumask=\fR\fB\fImask\fR\fR +.RS 4 +Sets the calling process\*(Aqs file mode creation mask (umask) to +\fBmask\fR +& 0777\&. The value is interpreted as Octal\&. +.RE +.SH "MODULE TYPES PROVIDED" +.PP +Only the +\fBsession\fR +type is provided\&. +.SH "RETURN VALUES" +.PP +.PP +PAM_SUCCESS +.RS 4 +The new umask was set successfully\&. +.RE +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_CONV_ERR +.RS 4 +The conversation method supplied by the application failed to obtain the username\&. +.RE +.PP +PAM_INCOMPLETE +.RS 4 +The conversation method supplied by the application returned PAM_CONV_AGAIN\&. +.RE +.PP +PAM_SERVICE_ERR +.RS 4 +No username was given\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 +User not known\&. +.RE +.SH "EXAMPLES" +.PP +Add the following line to +/etc/pam\&.d/login +to set the user specific umask at login: +.sp +.if n \{\ +.RS 4 +.\} +.nf + session optional pam_umask\&.so umask=0022 + +.fi +.if n \{\ +.RE +.\} +.sp +.SH "SEE ALSO" +.PP +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&. diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml new file mode 100644 index 0000000..7c4a310 --- /dev/null +++ b/modules/pam_umask/pam_umask.8.xml @@ -0,0 +1,261 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" + "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> + +<refentry id="pam_umask"> + + <refmeta> + <refentrytitle>pam_umask</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_umask-name"> + <refname>pam_umask</refname> + <refpurpose>PAM module to set the file mode creation mask</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="pam_umask-cmdsynopsis"> + <command>pam_umask.so</command> + <arg choice="opt"> + debug + </arg> + <arg choice="opt"> + silent + </arg> + <arg choice="opt"> + usergroups + </arg> + <arg choice="opt"> + nousergroups + </arg> + <arg choice="opt"> + umask=<replaceable>mask</replaceable> + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id="pam_umask-description"> + + <title>DESCRIPTION</title> + + <para> + pam_umask is a PAM module to set the file mode creation mask + of the current environment. The umask affects the default + permissions assigned to newly created files. + </para> + <para> + The PAM module tries to get the umask value from the + following places in the following order: + <itemizedlist> + <listitem> + <para> + umask= entry in the user's GECOS field + </para> + </listitem> + <listitem> + <para> + umask= argument + </para> + </listitem> + <listitem> + <para> + UMASK entry from /etc/login.defs + </para> + </listitem> + <listitem> + <para> + UMASK= entry from /etc/default/login + </para> + </listitem> + </itemizedlist> + </para> + <para> + The GECOS field is split on comma ',' characters. The module + also in addition to the umask= entry recognizes pri= entry, + which sets the nice priority value for the session, and + ulimit= entry, which sets the maximum size of files the processes + in the session can create. + </para> + + </refsect1> + + <refsect1 id="pam_umask-options"> + + <title>OPTIONS</title> + <para> + <variablelist> + + <varlistentry> + <term> + <option>debug</option> + </term> + <listitem> + <para> + Print debug information. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>silent</option> + </term> + <listitem> + <para> + Don't print informative messages. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>usergroups</option> + </term> + <listitem> + <para> + If the user is not root and the username is the same as + primary group name, the umask group bits are set to be the + same as owner bits (examples: 022 -> 002, 077 -> 007). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>nousergroups</option> + </term> + <listitem> + <para> + This is the direct opposite of the usergroups option described above, + which can be useful in case pam_umask has been compiled with + usergroups enabled by default and you want to disable it at runtime. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>umask=<replaceable>mask</replaceable></option> + </term> + <listitem> + <para> + Sets the calling process's file mode creation mask (umask) + to <option>mask</option> & 0777. The value is interpreted + as Octal. + </para> + </listitem> + </varlistentry> + + </variablelist> + + </para> + </refsect1> + + <refsect1 id="pam_umask-types"> + <title>MODULE TYPES PROVIDED</title> + <para> + Only the <option>session</option> type is provided. + </para> + </refsect1> + + <refsect1 id='pam_umask-return_values'> + <title>RETURN VALUES</title> + <para> + <variablelist> + + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The new umask was set successfully. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_BUF_ERR</term> + <listitem> + <para> + Memory buffer error. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_CONV_ERR</term> + <listitem> + <para> + The conversation method supplied by the application + failed to obtain the username. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_INCOMPLETE</term> + <listitem> + <para> + The conversation method supplied by the application + returned PAM_CONV_AGAIN. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_SERVICE_ERR</term> + <listitem> + <para> + No username was given. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User not known. + </para> + </listitem> + </varlistentry> + + </variablelist> + </para> + </refsect1> + + <refsect1 id='pam_umask-examples'> + <title>EXAMPLES</title> + <para> + Add the following line to <filename>/etc/pam.d/login</filename> to + set the user specific umask at login: + <programlisting> + session optional pam_umask.so umask=0022 + </programlisting> + </para> + </refsect1> + + <refsect1 id='pam_umask-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> + + <refsect1 id='pam_umask-author'> + <title>AUTHOR</title> + <para> + pam_umask was written by Thorsten Kukuk <kukuk@thkukuk.de>. + </para> + </refsect1> + +</refentry> |