from small one page howto to huge articles all in one place
 

search text in:





Poll
Which kernel version do you use?





poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

195651

userrating:

average rating: 1.7 (102 votes) (1=very good 6=terrible)

May 25th. 2007:
Words

486

Views

252057

why adblockers are bad

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

140921

userrating:

average rating: 1.4 (42 votes) (1=very good 6=terrible)

April, 26th. 2006:
Words

38

Views

100785

New subdomain: toolsntoys.linuxhowtos.org

Druckversion
You are here: manpages





PAM_WHEEL

Section: Linux\-PAM Manual (8)
Updated: 04/19/2016
Index Return to Main Contents
 

NAME

pam_wheel - Only permit root access to members of group wheel  

SYNOPSIS

pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid]
 

DESCRIPTION

The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0.  

OPTIONS

debug

Print debug information.

deny

Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in which case we return PAM_SUCCESS).

group=name

Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication.

root_only

The check for wheel membership is done only when the target user UID is 0.

trust

The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd).

use_uid

The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example).
 

MODULE TYPES PROVIDED

The auth and account module types are provided.  

RETURN VALUES

PAM_AUTH_ERR

Authentication failure.

PAM_BUF_ERR

Memory buffer error.

PAM_IGNORE

The return value should be ignored by PAM dispatch.

PAM_PERM_DENY

Permission denied.

PAM_SERVICE_ERR

Cannot determine the user name.

PAM_SUCCESS

Success.

PAM_USER_UNKNOWN

User not known.
 

EXAMPLES

The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non-root applicants. 

su      auth     sufficient     pam_rootok.so
su      auth     required       pam_wheel.so
su      auth     required       pam_unix.so

 

SEE ALSO

pam.conf(5), pam.d(5), pam(8)  

AUTHOR

pam_wheel was written by Cristian Gafton <gafton@redhat.com>.

 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
MODULE TYPES PROVIDED
RETURN VALUES
EXAMPLES
SEE ALSO
AUTHOR





Support us on Content Nation
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2020 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 16.1 ms