Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   8420 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PAM_WHEEL(8)		       Linux-PAM Manual			  PAM_WHEEL(8)

NAME
       pam_wheel - Only permit root access to members of group wheel

SYNOPSIS
       pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid]

DESCRIPTION
       The pam_wheel PAM module is used to enforce the so-called wheel group.
       By default it permits root access to the system if the applicant user
       is a member of the wheel group. If no group with this name exist, the
       module is using the group with the group-ID 0.

OPTIONS
       debug
	  Print debug information.

       deny
	  Reverse the sense of the auth operation: if the user is trying to
	  get UID 0 access and is a member of the wheel group (or the group of
	  the group option), deny access. Conversely, if the user is not in
	  the group, return PAM_IGNORE (unless trust was also specified, in
	  which case we return PAM_SUCCESS).

       group=name
	  Instead of checking the wheel or GID 0 groups, use the name group to
	  perform the authentification.

       root_only
	  The check for wheel membership is done only.

       trust
	  The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE
	  if the user is a member of the wheel group (thus with a little play
	  stacking the modules the wheel members may be able to su to root
	  without being prompted for a passwd).

       use_uid
	  The check for wheel membership will be done against the current uid
	  instead of the original one (useful when jumping with su from one
	  account to another for example).

MODULE SERVICES PROVIDED
       The auth and account services are supported.

RETURN VALUES
       PAM_AUTH_ERR
	  Authentication failure.

       PAM_BUF_ERR
	  Memory buffer error.

       PAM_IGNORE
	  The return value should be ignored by PAM dispatch.

       PAM_PERM_DENY
	  Permission denied.

       PAM_SERVICE_ERR
	  Cannot determine the user name.

       PAM_SUCCESS
	  Success.

       PAM_USER_UNKNOWN
	  User not known.

EXAMPLES
       The root account gains access by default (rootok), only wheel members
       can become root (wheel) but Unix authenticate non-root applicants.

	  su	  auth	   sufficient	  pam_rootok.so
	  su	  auth	   required	  pam_wheel.so
	  su	  auth	   required	  pam_unix.so

SEE ALSO
       pam.conf(5), pam.d(8), pam(8)

AUTHOR
       pam_wheel was written by Cristian Gafton <gafton@redhat.com>.

Linux-PAM Manual		  06/09/2006			  PAM_WHEEL(8)

Vote for polarhome