Codex

PAM_WHEEL

Section: Linux-PAM Manual (8)

Updated: 09/19/2013

Index?action=index Return to Main Contents


NAME

pam_wheel - Only permit root access to members of group wheel

SYNOPSIS

:pam_wheel.so [debug] [deny] [group=name] [root_only] [trust]

DESCRIPTION

The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0.

OPTIONS

debug

Print debug information.

deny

Reverse the sense of the auth operation
if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in which case we return PAM_SUCCESS).:

group=name

Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication.

root_only

The check for wheel membership is done only.

trust

The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd).

MODULE TYPES PROVIDED

The auth and account module types are provided.

RETURN VALUES

PAM_AUTH_ERR

Authentication failure.

PAM_BUF_ERR

Memory buffer error.

PAM_IGNORE

The return value should be ignored by PAM dispatch.

PAM_PERM_DENY

Permission denied.

PAM_SERVICE_ERR

Cannot determine the user name.

PAM_SUCCESS

Success.

PAM_USER_UNKNOWN

User not known.

EXAMPLES

The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non-root applicants.

SEE ALSO

(5), (5), pam?(7)

AUTHOR

pam_wheel was written by Cristian Gafton <[email protected]>.


Index

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

MODULE TYPES PROVIDED

RETURN VALUES

EXAMPLES

SEE ALSO

AUTHOR