162 lines
2.9 KiB
HTML
162 lines
2.9 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of PAM_ROOTOK</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>PAM_ROOTOK</H1>
|
|
Section: Linux-PAM Manual (8)<BR>Updated: 05/18/2017<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
pam_rootok - Gain only root access
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<DL COMPACT>
|
|
<DT id="1">
|
|
<B>pam_rootok.so</B> [debug]
|
|
</DL>
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
<P>
|
|
|
|
<DD>pam_rootok is a PAM module that authenticates the user if their
|
|
<I>UID</I>
|
|
is
|
|
<I>0</I>. Applications that are created setuid-root generally retain the
|
|
<I>UID</I>
|
|
of the user but run with the authority of an enhanced effective-UID. It is the real
|
|
<I>UID</I>
|
|
that is checked.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>OPTIONS</H2>
|
|
|
|
<P>
|
|
|
|
<B>debug</B>
|
|
<DL COMPACT><DT id="2"><DD>
|
|
Print debug information.
|
|
</DL>
|
|
|
|
<A NAME="lbAF"> </A>
|
|
<H2>MODULE TYPES PROVIDED</H2>
|
|
|
|
<P>
|
|
|
|
The
|
|
<B>auth</B>,
|
|
<B>acct</B>
|
|
and
|
|
<B>password</B>
|
|
module types are provided.
|
|
<A NAME="lbAG"> </A>
|
|
<H2>RETURN VALUES</H2>
|
|
|
|
<P>
|
|
|
|
PAM_SUCCESS
|
|
<DL COMPACT><DT id="3"><DD>
|
|
The
|
|
<I>UID</I>
|
|
is
|
|
<I>0</I>.
|
|
</DL>
|
|
|
|
<P>
|
|
|
|
PAM_AUTH_ERR
|
|
<DL COMPACT><DT id="4"><DD>
|
|
The
|
|
<I>UID</I>
|
|
is
|
|
<B>not</B><I>0</I>.
|
|
</DL>
|
|
|
|
<A NAME="lbAH"> </A>
|
|
<H2>EXAMPLES</H2>
|
|
|
|
<P>
|
|
|
|
In the case of the
|
|
<B><A HREF="/cgi-bin/man/man2html?1+su">su</A></B>(1)
|
|
application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
|
|
/etc/pam.d/su
|
|
configuration file:
|
|
<P>
|
|
<DL COMPACT><DT id="5"><DD>
|
|
|
|
|
|
|
|
<PRE>
|
|
# su authentication. Root is granted access by default.
|
|
auth sufficient pam_rootok.so
|
|
auth required pam_unix.so
|
|
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
|
|
|
|
|
|
<P>
|
|
<A NAME="lbAI"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<P>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?1+su">su</A></B>(1),
|
|
<B><A HREF="/cgi-bin/man/man2html?5+pam.conf">pam.conf</A></B>(5),
|
|
<B><A HREF="/cgi-bin/man/man2html?5+pam.d">pam.d</A></B>(5),
|
|
<B><A HREF="/cgi-bin/man/man2html?7+pam">pam</A></B>(7)
|
|
<A NAME="lbAJ"> </A>
|
|
<H2>AUTHOR</H2>
|
|
|
|
<P>
|
|
|
|
pam_rootok was written by Andrew G. Morgan, <<A HREF="mailto:morgan@kernel.org">morgan@kernel.org</A>>.
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="6"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="7"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="8"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="9"><A HREF="#lbAE">OPTIONS</A><DD>
|
|
<DT id="10"><A HREF="#lbAF">MODULE TYPES PROVIDED</A><DD>
|
|
<DT id="11"><A HREF="#lbAG">RETURN VALUES</A><DD>
|
|
<DT id="12"><A HREF="#lbAH">EXAMPLES</A><DD>
|
|
<DT id="13"><A HREF="#lbAI">SEE ALSO</A><DD>
|
|
<DT id="14"><A HREF="#lbAJ">AUTHOR</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:06:14 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|