1SEPERMIT.CONF(5)               Linux-PAM Manual               SEPERMIT.CONF(5)
2
3
4

NAME

6       sepermit.conf - configuration file for the pam_sepermit module
7

DESCRIPTION

9       The lines of the configuration file have the following syntax:
10
11       <user>[:<option>:<option>...]
12
13       The user can be specified in the following manner:
14
15       ·   a username
16
17       ·   a groupname, with @group syntax. This should not be confused with
18           netgroups.
19
20       ·   a SELinux user name with %seuser syntax.
21
22       The recognized options are:
23
24       exclusive
25           Only single login session will be allowed for the user and the
26           user's processes will be killed on logout.
27
28       ignore
29           The module will never return PAM_SUCCESS status for the user. It
30           will return PAM_IGNORE if SELinux is in the enforcing mode, and
31           PAM_AUTH_ERR otherwise. It is useful if you want to support
32           passwordless guest users and other confined users with passwords
33           simultaneously.
34
35       The lines which start with # character are comments and are ignored.
36

EXAMPLES

38       These are some example lines which might be specified in
39       /etc/security/sepermit.conf.
40
41           %guest_u:exclusive
42           %staff_u:ignore
43           %user_u:ignore
44
45

SEE ALSO

47       pam_sepermit(8), pam.d(5), pam(8), selinux(8),
48

AUTHOR

50       pam_sepermit and this manual page were written by Tomas Mraz
51       <tmraz@redhat.com>
52
53
54
55Linux-PAM Manual                  05/18/2017                  SEPERMIT.CONF(5)
Impressum