1PAM_WHEEL(8)                   Linux-PAM Manual                   PAM_WHEEL(8)
2
3
4

NAME

6       pam_wheel - Only permit root access to members of group wheel
7

SYNOPSIS

9       pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid]
10

DESCRIPTION

12       The pam_wheel PAM module is used to enforce the so-called wheel group.
13       By default it permits root access to the system if the applicant user
14       is a member of the wheel group. If no group with this name exist, the
15       module is using the group with the group-ID 0.
16

OPTIONS

18       debug
19          Print debug information.
20
21       deny
22          Reverse the sense of the auth operation: if the user is trying to
23          get UID 0 access and is a member of the wheel group (or the group of
24          the group option), deny access. Conversely, if the user is not in
25          the group, return PAM_IGNORE (unless trust was also specified, in
26          which case we return PAM_SUCCESS).
27
28       group=name
29          Instead of checking the wheel or GID 0 groups, use the name group to
30          perform the authentication.
31
32       root_only
33          The check for wheel membership is done only.
34
35       trust
36          The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE
37          if the user is a member of the wheel group (thus with a little play
38          stacking the modules the wheel members may be able to su to root
39          without being prompted for a passwd).
40
41       use_uid
42          The check for wheel membership will be done against the current uid
43          instead of the original one (useful when jumping with su from one
44          account to another for example).
45

MODULE SERVICES PROVIDED

47       The auth and account services are supported.
48

RETURN VALUES

50       PAM_AUTH_ERR
51          Authentication failure.
52
53       PAM_BUF_ERR
54          Memory buffer error.
55
56       PAM_IGNORE
57          The return value should be ignored by PAM dispatch.
58
59       PAM_PERM_DENY
60          Permission denied.
61
62       PAM_SERVICE_ERR
63          Cannot determine the user name.
64
65       PAM_SUCCESS
66          Success.
67
68       PAM_USER_UNKNOWN
69          User not known.
70

EXAMPLES

72       The root account gains access by default (rootok), only wheel members
73       can become root (wheel) but Unix authenticate non-root applicants.
74
75          su      auth     sufficient     pam_rootok.so
76          su      auth     required       pam_wheel.so
77          su      auth     required       pam_unix.so
78
79
80

SEE ALSO

82       pam.conf(5), pam.d(8), pam(8)
83

AUTHOR

85       pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
86
87
88
89Linux-PAM Manual                  06/09/2006                      PAM_WHEEL(8)
Impressum