1PAM_LOCALUSER(8) Linux-PAM Manual PAM_LOCALUSER(8)
2
3
4
6 pam_localuser - require users to be listed in /etc/passwd
7
9 pam_localuser.so [debug] [file=/path/passwd]
10
12 pam_localuser is a PAM module to help implementing site-wide login
13 policies, where they typically include a subset of the network's users
14 and a few accounts that are local to a particular workstation. Using
15 pam_localuser and pam_wheel or pam_listfile is an effective way to
16 restrict access to either local users and/or a subset of the network's
17 users.
18
19 This could also be implemented using pam_listfile.so and a very short
20 awk script invoked by cron, but it's common enough to have been
21 separated out.
22
24 debug
25 Print debug information.
26
27 file=/path/passwd
28 Use a file other than /etc/passwd.
29
31 All module types (account, auth, password and session) are provided.
32
34 PAM_SUCCESS
35 The new localuser was set successfully.
36
37 PAM_SERVICE_ERR
38 No username was given.
39
40 PAM_PERM_DENIED
41 The user is not listed in the passwd file.
42
44 Add the following lines to /etc/pam.d/su to allow only local users or
45 group wheel to use su.
46
47 account sufficient pam_localuser.so
48 account required pam_wheel.so
49
50
51
53 /etc/passwd
54 Local user account information.
55
57 pam.conf(5), pam.d(5), pam(8)
58
60 pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>.
61
62
63
64Linux-PAM Manual 05/18/2017 PAM_LOCALUSER(8)