|
Server : Apache System : Linux srv.rainic.com 4.18.0-553.47.1.el8_10.x86_64 #1 SMP Wed Apr 2 05:45:37 EDT 2025 x86_64 User : rainic ( 1014) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /usr/share/doc/pam/txts/ |
Upload File : |
pam_wheel -- Only permit root access to members of group wheel
--------------------------------------------------------------------------
DESCRIPTION
The pam_wheel PAM module is used to enforce the so-called wheel group. By
default it permits root access to the system if the applicant user is a
member of the wheel group. If no group with this name exist, the module is
using the group with the group-ID 0.
OPTIONS
debug
Print debug information.
deny
Reverse the sense of the auth operation: if the user is trying to
get UID 0 access and is a member of the wheel group (or the group
of the group option), deny access. Conversely, if the user is not
in the group, return PAM_IGNORE (unless trust was also specified,
in which case we return PAM_SUCCESS).
group=name
Instead of checking the wheel or GID 0 groups, use the name group
to perform the authentication.
root_only
The check for wheel membership is done only when the target user
UID is 0.
trust
The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE
if the user is a member of the wheel group (thus with a little
play stacking the modules the wheel members may be able to su to
root without being prompted for a passwd).
use_uid
The check will be done against the real uid of the calling
process, instead of trying to obtain the user from the login
session associated with the terminal in use.
EXAMPLES
The root account gains access by default (rootok), only wheel members can
become root (wheel) but Unix authenticate non-root applicants.
su auth sufficient pam_rootok.so
su auth required pam_wheel.so
su auth required pam_unix.so
AUTHOR
pam_wheel was written by Cristian Gafton <gafton@redhat.com>.