From 5ab868cf378dd507deb5d65d48adab2cfaec2472 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 4 Jun 2006 12:11:15 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2006-06-04 Thorsten Kukuk * modules/pam_rootok/Makefile.am: Include Make.xml.rules. * modules/pam_rootok/pam_rootok.8.xml: New. * modules/pam_rootok/pam_rootok.8: New, generated from xml file. * modules/pam_rootok/README.xml: New. * modules/pam_rootok/README: Regenerated from xml file. --- modules/pam_rootok/Makefile.am | 11 ++- modules/pam_rootok/README | 39 +++++++---- modules/pam_rootok/README.xml | 41 ++++++++++++ modules/pam_rootok/pam_rootok.8 | 77 +++++++++++++++++++++ modules/pam_rootok/pam_rootok.8.xml | 130 ++++++++++++++++++++++++++++++++++++ 5 files changed, 285 insertions(+), 13 deletions(-) create mode 100644 modules/pam_rootok/README.xml create mode 100644 modules/pam_rootok/pam_rootok.8 create mode 100644 modules/pam_rootok/pam_rootok.8.xml (limited to 'modules/pam_rootok') diff --git a/modules/pam_rootok/Makefile.am b/modules/pam_rootok/Makefile.am index f8e2d9c7..7a97f20f 100644 --- a/modules/pam_rootok/Makefile.am +++ b/modules/pam_rootok/Makefile.am @@ -4,7 +4,10 @@ CLEANFILES = *~ -EXTRA_DIST = README tst-pam_rootok +EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rootok + +man_MANS = pam_rootok.8 +XMLS = README.xml pam_rootok.8.xml TESTS = tst-pam_rootok @@ -22,3 +25,9 @@ if HAVE_VERSIONING endif securelib_LTLIBRARIES = pam_rootok.la + +if ENABLE_REGENERATE_MAN +noinst_DATA = README +README: pam_rootok.8.xml +-include $(top_srcdir)/Make.xml.rules +endif diff --git a/modules/pam_rootok/README b/modules/pam_rootok/README index cccb5ce1..55a44756 100644 --- a/modules/pam_rootok/README +++ b/modules/pam_rootok/README 
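Review bot: The new `man_MANS` and `XMLS` assignments in the first Makefile.am hunk have no comment saying that `pam_rootok.8` and `README` are generated from the XML, so a later hand edit to either file can be overwritten or drift from `pam_rootok.8.xml` unnoticed. I would add above `XMLS`: `# DocBook sources; README and pam_rootok.8 are generated from these, edit the XML only`. `pam_rootok.8` is installed through `man_MANS` outside the `ENABLE_REGENERATE_MAN` conditional, so the committed copy is what a build without regeneration installs. It is worth comparing that copy against a fresh regeneration whenever the XML changes.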
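Review bot: In the second Makefile.am hunk, `README: pam_rootok.8.xml` has no recipe and no `README.xml` prerequisite, and the `-include` stays silent if `$(top_srcdir)/Make.xml.rules` cannot be read. With `ENABLE_REGENERATE_MAN` set and that file missing or moved, an existing README would most likely be treated as up to date and left stale without an error. Make.xml.rules is not part of this diff, so the recipe and the `README.xml` dependency presumably come from there. A comment would make the contract visible: `# recipe and README.xml prerequisite come from Make.xml.rules; pam_rootok.8.xml is listed because README.xml XIncludes it`. No rule for `pam_rootok.8` is visible here either, so the same reliance on the included file appears to apply to the man page.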
@@ -1,18 +1,33 @@ -# $Id$ -# +pam_rootok — Gain only root access -this module is an authentication module that performs one task: if the -id of the user is '0' then it returns 'PAM_SUCCESS' with the -'sufficient' /etc/pam.conf control flag it can be used to allow -password free access to some service for 'root' +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -Recognized arguments: +DESCRIPTION - debug write a message to syslog indicating success or - failure. +pam_rootok is a PAM module that authenticates the user if their UID is 0. +Applications that are created setuid-root generally retain the UID of the user +but run with the authority of an enhanced effective-UID. It is the real UID +that is checked. -module services provided: +OPTIONS - auth _authentication and _setcred (blank) +debug + + Print debug information. + +EXAMPLES + +In the case of the su(1) application the historical usage is to permit the +superuser to adopt the identity of a lesser user without the use of a password. +To obtain this behavior with PAM the following pair of lines are needed for the +corresponding entry in the /etc/pam.d/su configuration file: + +# su authentication. Root is granted access by default. +auth sufficient pam_rootok.so +auth required pam_unix.so + + +AUTHOR + +pam_rootok was written by Andrew G. Morgan, . -Andrew Morgan diff --git a/modules/pam_rootok/README.xml b/modules/pam_rootok/README.xml new file mode 100644 index 00000000..6fb58cd0 --- /dev/null +++ b/modules/pam_rootok/README.xml @@ -0,0 +1,41 @@ + + +--> +]> + +
+ + + + + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_rootok.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rootok-name"]/*)'/> + + + + +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8 new file mode 100644 index 00000000..b1436f79 --- /dev/null +++ b/modules/pam_rootok/pam_rootok.8 @@ -0,0 +1,77 @@ +.\" Title: pam_rootok +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: 06/04/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual +.\" +.TH "PAM_ROOTOK" "8" "06/04/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pam_rootok \- Gain only root access +.SH "SYNOPSIS" +.HP 14 +\fBpam_rootok.so\fR [debug] +.SH "DESCRIPTION" +.PP +pam_rootok is a PAM module that authenticates the user if their +\fIUID\fR +is +\fI0\fR. Applications that are created setuid\-root generally retain the +\fIUID\fR +of the user but run with the authority of an enhanced effective\-UID. It is the real +\fIUID\fR +that is checked. +.SH "OPTIONS" +.TP 3n +\fBdebug\fR +Print debug information. +.SH "MODULE SERVICES PROVIDED" +.PP +Only the +\fBauth\fR +service is supported. +.SH "RETURN VALUES" +.TP 3n +PAM_SUCCESS +The +\fIUID\fR +is +\fI0\fR. +.TP 3n +PAM_AUTH_ERR +The +\fIUID\fR +is +\fBnot\fR +\fI0\fR. +.SH "EXAMPLES" +.PP +In the case of the +\fBsu\fR(1) +application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the +\fI/etc/pam.d/su\fR +configuration file: +.sp +.RS 3n +.nf +# su authentication. Root is granted access by default. +auth sufficient pam_rootok.so +auth required pam_unix.so + +.fi +.RE +.sp +.SH "SEE ALSO" +.PP + +\fBsu\fR(1), +\fBpam.conf\fR(5), +\fBpam.d\fR(8), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_rootok was written by Andrew G. Morgan, . diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml new file mode 100644 index 00000000..ec8dee43 
--- /dev/null +++ b/modules/pam_rootok/pam_rootok.8.xml @@ -0,0 +1,130 @@ + + + + + + + pam_rootok + 8 + Linux-PAM Manual + + + + pam_rootok + Gain only root access + + + + + pam_rootok.so + + debug + + + + + + + DESCRIPTION + + + pam_rootok is a PAM module that authenticates the user if their + UID is 0. + Applications that are created setuid-root generally retain the + UID of the user but run with the authority + of an enhanced effective-UID. It is the real UID + that is checked. + + + + + OPTIONS + + + + + + + + Print debug information. + + + + + + + + MODULE SERVICES PROVIDED + + Only the service is supported. + + + + + RETURN VALUES + + + PAM_SUCCESS + + + The UID is 0. + + + + + PAM_AUTH_ERR + + + The UID is not + 0. + + + + + + + + EXAMPLES + + In the case of the + su1 + application the historical usage is to + permit the superuser to adopt the identity of a lesser user + without the use of a password. To obtain this behavior with PAM + the following pair of lines are needed for the corresponding entry + in the /etc/pam.d/su configuration file: + +# su authentication. Root is granted access by default. +auth sufficient pam_rootok.so +auth required pam_unix.so + + + + + + SEE ALSO + + + su1 + , + + pam.conf5 + , + + pam.d8 + , + + pam8 + + + + + + AUTHOR + + pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>. + + + + -- cgit v1.2.3