From 9ada0093e92388590c7368600ca4e9e3e376f0d0 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 16:22:51 +0200
Subject: Adding upstream version 1.5.2.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 modules/pam_wheel/README | 61 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 modules/pam_wheel/README

(limited to 'modules/pam_wheel/README')

diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README
new file mode 100644
index 0000000..5dae4b6
--- /dev/null
+++ b/modules/pam_wheel/README
@@ -0,0 +1,61 @@
+pam_wheel — Only permit root access to members of group wheel
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_wheel PAM module is used to enforce the so-called wheel group. By
+default it permits access to the target user if the applicant user is a member
+of the wheel group. If no group with this name exist, the module is using the
+group with the group-ID 0.
+
+OPTIONS
+
+debug
+
+    Print debug information.
+
+deny
+
+    Reverse the sense of the auth operation: if the user is trying to get UID 0
+    access and is a member of the wheel group (or the group of the group
+    option), deny access. Conversely, if the user is not in the group, return
+    PAM_IGNORE (unless trust was also specified, in which case we return
+    PAM_SUCCESS).
+
+group=name
+
+    Instead of checking the wheel or GID 0 groups, use the name group to
+    perform the authentication.
+
+root_only
+
+    The check for wheel membership is done only when the target user UID is 0.
+
+trust
+
+    The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the
+    user is a member of the wheel group (thus with a little play stacking the
+    modules the wheel members may be able to su to root without being prompted
+    for a passwd).
+
+use_uid
+
+    The check will be done against the real uid of the calling process, instead
+    of trying to obtain the user from the login session associated with the
+    terminal in use.
+
+EXAMPLES
+
+The root account gains access by default (rootok), only wheel members can
+become root (wheel) but Unix authenticate non-root applicants.
+
+su      auth     sufficient     pam_rootok.so
+su      auth     required       pam_wheel.so
+su      auth     required       pam_unix.so
+
+
+AUTHOR
+
+pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
+
-- 
cgit v1.2.3