
6.16 The root access module

Synopsis

Module Name:

pam_rootok

Author:

Andrew G. Morgan <morgan@parc.power.net>

Maintainer:

Linux-PAM maintainer

Management groups provided:

authentication

Cryptographically sensitive:

Security rating:

Clean code base:

Clean.

System dependencies:

Network aware:

Overview of module

This module is for use in situations where the superuser wishes to gain access to a service without having to enter a password.

Authentication component

Recognized arguments:

debug

Description:

This module authenticates the user if their real uid is 0. Applications that are installed setuid-root generally retain the real uid of the invoking user while running with the authority of an enhanced effective uid. The module checks the real uid, not the effective uid.

Examples/suggested usage:

In the case of the su application, the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior under Linux-PAM, the following pair of lines is needed for the corresponding entry in the configuration file:

#
# su authentication. Root is granted access by default.
#
su      auth     sufficient     pam_rootok.so
su      auth     required       pam_unix_auth.so

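Note. For programs that are run by the superuser (or started when the system boots) this module should not be used to authenticate users: the real uid of such a program is already 0, so the check would succeed no matter who is requesting access.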
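
An added example, not part of the original guide or the Linux-PAM sources: a small Python audit over entries in the configuration-file layout shown above, flagging pam_rootok in the auth stack of services whose programs run as root, where the Note says it should not be used. The ROOT_STARTED set, the function names and the extra login lines in the sample are assumptions constructed for illustration.

```python
# Added example: audit "service type control module [args]" entries
# for pam_rootok used in an auth stack.

# Assumption: services whose programs are run by root or started at boot.
# Illustrative only; build this set from your own system inventory.
ROOT_STARTED = {"login", "sshd", "ftpd"}

# Constructed sample: the su entry from the text plus a misused login entry.
SAMPLE = """\
#
# su authentication. Root is granted access by default.
#
su      auth     sufficient     pam_rootok.so
su      auth     required       pam_unix_auth.so
login   auth     sufficient     pam_rootok.so debug
login   auth     required       pam_unix_auth.so
"""

def parse(text):
    """Yield (lineno, service, type, control, module, args) per entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue                          # malformed entry, skipped
        service, mtype, control, module = fields[:4]
        yield lineno, service, mtype.lower(), control, module, fields[4:]

def audit(text, root_started=ROOT_STARTED):
    """Return (lineno, service, control, verdict) for pam_rootok auth entries."""
    findings = []
    for lineno, service, mtype, control, module, _args in parse(text):
        name = module.rsplit("/", 1)[-1]      # accept a full module path
        if mtype != "auth" or name != "pam_rootok.so":
            continue
        # The real uid is already 0 in a root-started program, so the
        # module would succeed for every user of that service.
        verdict = "MISUSE" if service in root_started else "ok"
        findings.append((lineno, service, control, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```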

