modules/pam_shells/pam_shells.8.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_shells">

  <refmeta>
    <refentrytitle>pam_shells</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="source">Linux-PAM</refmiscinfo>
    <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
  </refmeta>

  <refnamediv xml:id="pam_shells-name">
    <refname>pam_shells</refname>
    <refpurpose>PAM module to check for valid login shell</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis xml:id="pam_shells-cmdsynopsis" sepchar=" ">
      <command>pam_shells.so</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 xml:id="pam_shells-description">

    <title>DESCRIPTION</title>

    <para>
      pam_shells is a PAM module that only allows access to the
      system if the user's shell is listed in <filename>/etc/shells</filename>.
    </para>

    <para condition="with_vendordir_and_with_econf">
      If this file does not exist, entries are taken from files
      <filename>%vendordir%/shells</filename>,
      <filename>%vendordir%/shells.d/*</filename> and
      <filename>/etc/shells.d/*</filename> in that order.
    </para>

    <para>
      It also checks if needed files (e.g. <filename>/etc/shells</filename>) are plain
      files and not world writable.
    </para>
  </refsect1>

  <refsect1 xml:id="pam_shells-options">

    <title>OPTIONS</title>
    <para> This module does not recognise any options.</para>
  </refsect1>

  <refsect1 xml:id="pam_shells-types">
    <title>MODULE TYPES PROVIDED</title>
    <para>
      The <option>auth</option> and <option>account</option>
      module types are provided.
    </para>
  </refsect1>

  <refsect1 xml:id="pam_shells-return_values">
    <title>RETURN VALUES</title>
    <variablelist>
      <varlistentry>
        <term>PAM_AUTH_ERR</term>
        <listitem>
          <para>
             Access to the system was denied.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_SUCCESS</term>
        <listitem>
          <para>
            The user's login shell was listed as valid shell in
            <filename>/etc/shells</filename>.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_SERVICE_ERR</term>
        <listitem>
          <para>
            The module was not able to get the name of the user.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
     </refsect1>

  <refsect1 xml:id="pam_shells-examples">
    <title>EXAMPLES</title>
    <para>
      <programlisting>
auth  required  pam_shells.so
      </programlisting>
    </para>
  </refsect1>

  <refsect1 xml:id="pam_shells-see_also">
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>shells</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>

  <refsect1 xml:id="pam_shells-author">
    <title>AUTHOR</title>
      <para>
        pam_shells was written by Erik Troan &lt;ewt@redhat.com&gt;.
      </para>
  </refsect1>

</refentry>