1PAM_WHEEL(8)                   Linux-PAM Manual                   PAM_WHEEL(8)
2
3
4

NAME

6       pam_wheel - Only permit root access to members of group wheel
7

SYNOPSIS

9       pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid]
10

DESCRIPTION

12       The pam_wheel PAM module is used to enforce the so-called wheel group.
13       By default it permits access to the target user if the applicant user
14       is a member of the wheel group. If no group with this name exist, the
15       module is using the group with the group-ID 0.
16

OPTIONS

18       debug
19           Print debug information.
20
21       deny
22           Reverse the sense of the auth operation: if the user is trying to
23           get UID 0 access and is a member of the wheel group (or the group
24           of the group option), deny access. Conversely, if the user is not
25           in the group, return PAM_IGNORE (unless trust was also specified,
26           in which case we return PAM_SUCCESS).
27
28       group=name
29           Instead of checking the wheel or GID 0 groups, use the name group
30           to perform the authentication.
31
32       root_only
33           The check for wheel membership is done only when the target user
34           UID is 0.
35
36       trust
37           The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE
38           if the user is a member of the wheel group (thus with a little play
39           stacking the modules the wheel members may be able to su to root
40           without being prompted for a passwd).
41
42       use_uid
43           The check will be done against the real uid of the calling process,
44           instead of trying to obtain the user from the login session
45           associated with the terminal in use.
46

MODULE TYPES PROVIDED

48       The auth and account module types are provided.
49

RETURN VALUES

51       PAM_AUTH_ERR
52           Authentication failure.
53
54       PAM_BUF_ERR
55           Memory buffer error.
56
57       PAM_IGNORE
58           The return value should be ignored by PAM dispatch.
59
60       PAM_PERM_DENY
61           Permission denied.
62
63       PAM_SERVICE_ERR
64           Cannot determine the user name.
65
66       PAM_SUCCESS
67           Success.
68
69       PAM_USER_UNKNOWN
70           User not known.
71

EXAMPLES

73       The root account gains access by default (rootok), only wheel members
74       can become root (wheel) but Unix authenticate non-root applicants.
75
76           su      auth     sufficient     pam_rootok.so
77           su      auth     required       pam_wheel.so
78           su      auth     required       pam_unix.so
79
80
81

SEE ALSO

83       pam.conf(5), pam.d(5), pam(8)
84

AUTHOR

86       pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
87
88
89
90Linux-PAM                         05/07/2023                      PAM_WHEEL(8)
Impressum