source-git / pam

Clone
Source Code
GIT

Files

  1.   7e982e56f66b90061d5bf584115f1a5d137a728a
  2.   modules
  3.   pam_sepermit
  4.   sepermit.conf.5
Blob Blame History Raw 
'\" t
.\"     Title: sepermit.conf
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\"      Date: 05/18/2017
.\"    Manual: Linux-PAM Manual
.\"    Source: Linux-PAM Manual
.\"  Language: English
.\"
.TH "SEPERMIT\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
sepermit.conf \- configuration file for the pam_sepermit module
.SH "DESCRIPTION"
.PP
The lines of the configuration file have the following syntax:
.PP
\fI<user>\fR[:\fI<option>\fR:\fI<option>\fR\&.\&.\&.]
.PP
The
\fBuser\fR
can be specified in the following manner:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
a username
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
a groupname, with
\fB@group\fR
syntax\&. This should not be confused with netgroups\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
a SELinux user name with
\fB%seuser\fR
syntax\&.
.RE
.PP
The recognized options are:
.PP
\fBexclusive\fR
.RS 4
Only single login session will be allowed for the user and the user\*(Aqs processes will be killed on logout\&.
.RE
.PP
\fBignore\fR
.RS 4
The module will never return PAM_SUCCESS status for the user\&. It will return PAM_IGNORE if SELinux is in the enforcing mode, and PAM_AUTH_ERR otherwise\&. It is useful if you want to support passwordless guest users and other confined users with passwords simultaneously\&.
.RE
.PP
The lines which start with # character are comments and are ignored\&.
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
/etc/security/sepermit\&.conf\&.
.sp
.if n \{\
.RS 4
.\}
.nf
%guest_u:exclusive
%staff_u:ignore
%user_u:ignore
    
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBpam_sepermit\fR(8),
\fBpam.d\fR(5),
\fBpam\fR(8),
\fBselinux\fR(8),
.SH "AUTHOR"
.PP
pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat\&.com>

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation