Previous Next Contents

6.20 The wheel module

Synopsis

Module Name:

pam_wheel

Author:

Cristian Gafton <gafton@sorosis.ro>

Maintainer:

Author.

Management groups provided:

authentication

Cryptographically sensitive:

Security rating:

Clean code base:

System dependencies:

Requires libpwdb.

Network aware:

Overview of module

Only permit root access to members of the wheel (gid=0) group.

Authentication component

Recognized arguments:

debug; use_uid; trust; deny; group=XXXX

Description:

This module is used to enforce the so-called wheel group. By default, it permits root access to the system if the applicant user is a member of the wheel group (better described as the group with group-id 0).

The action of the module may be modified from this default by one or more of the following flags in the /etc/pam.conf file.

Examples/suggested usage:

To restrict access to superuser status to the members of the wheel group, use the following entries in your configuration file:

#
# root gains access by default (rootok), only wheel members can become
# root (wheel) but Unix authenticate non-root applicants.
#
su      auth     sufficient     pam_rootok.so
su      auth     required       pam_wheel.so
su      auth     required       pam_unix_auth.so


Previous Next Contents