1SEPERMIT.CONF(5) Linux-PAM Manual SEPERMIT.CONF(5)
2
3
4
6 sepermit.conf - configuration file for the pam_sepermit module
7
9 The lines of the configuration file have the following syntax:
10
11 <user>[:<option>:<option>...]
12
13 The user can be specified in the following manner:
14
15 · a username
16
17 · a groupname, with @group syntax. This should not be confused with
18 netgroups.
19
20 · a SELinux user name with %seuser syntax.
21
22 The recognized options are:
23
24 exclusive
25 Only single login session will be allowed for the user and the
26 user's processes will be killed on logout.
27
28 ignore
29 The module will never return PAM_SUCCESS status for the user. It
30 will return PAM_IGNORE if SELinux is in the enforcing mode, and
31 PAM_AUTH_ERR otherwise. It is useful if you want to support
32 passwordless guest users and other confined users with passwords
33 simultaneously.
34
35 The lines which start with # character are comments and are ignored.
36
38 These are some example lines which might be specified in
39 /etc/security/sepermit.conf.
40
41 %guest_u:exclusive
42 %staff_u:ignore
43 %user_u:ignore
44
45
47 pam_sepermit(8), pam.d(5), pam(8), selinux(8),
48
50 pam_sepermit and this manual page were written by Tomas Mraz
51 <tmraz@redhat.com>
52
53
54
55Linux-PAM Manual 06/08/2020 SEPERMIT.CONF(5)