Tryag File Manager

//proc/self/root/usr/share/doc/pam-0.99.6.2/html/sag-pam_rootok.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>6.24. pam_rootok - gain only root access</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"><link rel="start" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-module-reference.html" title="Chapter 6. A reference guide for available modules"><link rel="prev" href="sag-pam_rhosts.html" title="6.23. pam_rhosts - grant access using .rhosts file"><link rel="next" href="sag-pam_securetty.html" title="6.25. pam_securetty - limit root login to special devices"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.24. pam_rootok - gain only root access</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-pam_rhosts.html">Prev</a> </td><th width="60%" align="center">Chapter 6. A reference guide for available modules</th><td width="20%" align="right"> <a accesskey="n" href="sag-pam_securetty.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-pam_rootok"></a>6.24. pam_rootok - gain only root access</h2></div></div></div><div class="cmdsynopsis"><p><code class="command">pam_rootok.so</code>  [
        debug
      ]</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rootok-description"></a>6.24.1. DESCRIPTION</h3></div></div></div><p>
      pam_rootok is a PAM module that authenticates the user if their
      <span class="emphasis"><em>UID</em></span> is <span class="emphasis"><em>0</em></span>.
      Applications that are created setuid-root generally retain the
      <span class="emphasis"><em>UID</em></span> of the user but run with the authority
      of an enhanced effective-UID. It is the real <span class="emphasis"><em>UID</em></span>
      that is checked.
    </p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rootok-options"></a>6.24.2. OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
          <code class="option">debug</code>
        </span></dt><dd><p>
            Print debug information.
          </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rootok-services"></a>6.24.3. MODULE SERVICES PROVIDED</h3></div></div></div><p>
      Only the <code class="option">auth</code> service is supported.
    </p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rootok-return_values"></a>6.24.4. RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
            The <span class="emphasis"><em>UID</em></span> is <span class="emphasis"><em>0</em></span>.
          </p></dd><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
            The <span class="emphasis"><em>UID</em></span> is <span class="emphasis"><em>not</em></span>
            <span class="emphasis"><em>0</em></span>.
          </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rootok-examples"></a>6.24.5. EXAMPLES</h3></div></div></div><p>
      In the case of the <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> application the historical usage is to
      permit the superuser to adopt the identity of a lesser user
      without the use of a password. To obtain this behavior with PAM
      the following pair of lines are needed for the corresponding entry
      in the <code class="filename">/etc/pam.d/su</code> configuration file:
      </p><pre class="programlisting">
# su authentication. Root is granted access by default.
auth  sufficient   pam_rootok.so
auth  required     pam_unix.so
      </pre></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rootok-author"></a>6.24.6. AUTHOR</h3></div></div></div><p>
        pam_rootok was written by Andrew G. Morgan, &lt;morgan@kernel.org&gt;.
      </p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-pam_rhosts.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sag-module-reference.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sag-pam_securetty.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">6.23. pam_rhosts - grant access using .rhosts file </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top"> 6.25. pam_securetty - limit root login to special devices</td></tr></table></div></body></html>