|
pam_wheel - Only permit authentication to members of wheel group |
|
The pam_wheel PAM module limits the users who can become the root user based on the original users’ group memberships. Groups of users can be implicitly trusted or explicitly distrusted based on the combination of options (described below) that are specified when pam_wheel is configured. |
|
The following options are supported: |
|
always |
Per default pam_wheel only makes this checks if the new account has a UID 0. With this option, the checks will be made for every account. |
||
|
debug |
A lot of debug informations are printed with syslog(3). |
||
|
deny |
Reverse the sense of the auth operation: if the user is trying to get access to another account and is a member of the wheel group, deny access. |
|
group=xxxx |
|
Instead of checking the wheel group, use the xxxx group to peform the authentification. |
|
trust |
The pam_wheel module returns PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (which makes it possible to wheel group members to become root without being prompted for a password). |
|
use_getlogin |
|
Check for the wheel membership against the orignal login name. |
|
use_uid |
|
Check for wheel membership against the current UID instead of the original login name. This is the default. |
SEE ALSO
|